Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
CVSS Score
7.2
EPSS Score
0.0
Published
2001-05-28
Page 5