file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a files unedited contents, which allows remote attackers to read arbitrary files via the file field.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Webmin | Gentoo | * | 1.590 (including) |
| Webmin | Gentoo | 1.140 (including) | 1.140 (including) |
| Webmin | Gentoo | 1.150 (including) | 1.150 (including) |
| Webmin | Gentoo | 1.160 (including) | 1.160 (including) |
| Webmin | Gentoo | 1.170 (including) | 1.170 (including) |
| Webmin | Gentoo | 1.180 (including) | 1.180 (including) |
| Webmin | Gentoo | 1.200 (including) | 1.200 (including) |
| Webmin | Gentoo | 1.210 (including) | 1.210 (including) |
| Webmin | Gentoo | 1.220 (including) | 1.220 (including) |
| Webmin | Gentoo | 1.230 (including) | 1.230 (including) |
| Webmin | Gentoo | 1.240 (including) | 1.240 (including) |
| Webmin | Gentoo | 1.260 (including) | 1.260 (including) |
| Webmin | Gentoo | 1.270 (including) | 1.270 (including) |
| Webmin | Gentoo | 1.280 (including) | 1.280 (including) |
| Webmin | Gentoo | 1.290 (including) | 1.290 (including) |
| Webmin | Gentoo | 1.300 (including) | 1.300 (including) |
| Webmin | Gentoo | 1.310 (including) | 1.310 (including) |
| Webmin | Gentoo | 1.320 (including) | 1.320 (including) |
| Webmin | Gentoo | 1.330 (including) | 1.330 (including) |
| Webmin | Gentoo | 1.340 (including) | 1.340 (including) |
| Webmin | Gentoo | 1.370 (including) | 1.370 (including) |
| Webmin | Gentoo | 1.380 (including) | 1.380 (including) |
| Webmin | Gentoo | 1.390 (including) | 1.390 (including) |
| Webmin | Gentoo | 1.400 (including) | 1.400 (including) |
| Webmin | Gentoo | 1.410 (including) | 1.410 (including) |
| Webmin | Gentoo | 1.420 (including) | 1.420 (including) |
| Webmin | Gentoo | 1.430 (including) | 1.430 (including) |
| Webmin | Gentoo | 1.440 (including) | 1.440 (including) |
| Webmin | Gentoo | 1.450 (including) | 1.450 (including) |
| Webmin | Gentoo | 1.470 (including) | 1.470 (including) |
| Webmin | Gentoo | 1.480 (including) | 1.480 (including) |
| Webmin | Gentoo | 1.500 (including) | 1.500 (including) |
| Webmin | Gentoo | 1.510 (including) | 1.510 (including) |
| Webmin | Gentoo | 1.520 (including) | 1.520 (including) |
| Webmin | Gentoo | 1.530 (including) | 1.530 (including) |
| Webmin | Gentoo | 1.550 (including) | 1.550 (including) |
| Webmin | Gentoo | 1.560 (including) | 1.560 (including) |
| Webmin | Gentoo | 1.570 (including) | 1.570 (including) |
| Webmin | Gentoo | 1.580 (including) | 1.580 (including) |