Vulnerability Details CVE-2015-2861
Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel before 0.9.8-14 allows remote attackers to hijack the authentication of arbitrary users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.8%
CVSS Severity
CVSS v2 Score 6.8
References
- http://vestacp.com/roadmap/#history
- http://www.kb.cert.org/vuls/id/842780
- http://www.securityfocus.com/bid/75215
- https://github.com/serghey-rodin/vesta/commit/527e4a9a62204be9b34c1338fadfe959b0fd3974
- http://vestacp.com/roadmap/#history
- http://www.kb.cert.org/vuls/id/842780
- http://www.securityfocus.com/bid/75215
- https://github.com/serghey-rodin/vesta/commit/527e4a9a62204be9b34c1338fadfe959b0fd3974
Products affected by CVE-2015-2861
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-0
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-13
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-14
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-15
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-16
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-17
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-18
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-19
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-20
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-21
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-22
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-1
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-10
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-11
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-12
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-2
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-3
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-4
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-5
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-6
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-7
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-8
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-9