{"vuid":"VU#842780","idnumber":"842780","name":"Vesta Control Panel is vulnerable to cross-site request forgery","keywords":["csrf","open source"],"overview":"Vesta Control Panel is vulnerable to a cross-site request forgery (CSRF) attack.","clean_desc":"CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2015-2861 Vesta Control Panel contains a cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.","impact":"An unauthenticated remote attacker may perform actions with the same permissions as a victim user.","resolution":"Apply an update. Vesta Control Panel has released version 0.9.8-14, which addresses this issue. Users are encouraged to update as soon as possible.","workarounds":"","sysaffected":"","thanks":"Thanks to Ben Khlifa Fahmi and \nBen Mné Tarek for reporting this vulnerability, and to Vesta Control Panel for quickly addressing the vulnerability.","author":"This document was written by Garret Wassermann.","public":["http://vestacp.com/roadmap/#history","https://github.com/serghey-rodin/vesta/commit/527e4a9a62204be9b34c1338fadfe959b0fd3974"],"cveids":["CVE-2015-2861"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2020-05-21T16:14:15.243428Z","publicdate":"2015-06-05T00:00:00Z","datefirstpublished":"2015-06-16T15:55:16Z","dateupdated":"2015-06-16T22:26:00Z","revision":26,"vrda_d1_directreport":null,"vrda_d1_population":null,"vrda_d1_impact":null,"cam_widelyknown":null,"cam_exploitation":null,"cam_internetinfrastructure":null,"cam_population":null,"cam_impact":null,"cam_easeofexploitation":null,"cam_attackeraccessrequired":null,"cam_scorecurrent":null,"cam_scorecurrentwidelyknown":null,"cam_scorecurrentwidelyknownexploited":null,"ipprotocol":null,"cvss_accessvector":null,"cvss_accesscomplexity":null,"cvss_authentication":null,"cvss_confidentialityimpact":null,"cvss_integrityimpact":null,"cvss_availabilityimpact":null,"cvss_exploitablity":null,"cvss_remediationlevel":null,"cvss_reportconfidence":null,"cvss_collateraldamagepotential":null,"cvss_targetdistribution":null,"cvss_securityrequirementscr":null,"cvss_securityrequirementsir":null,"cvss_securityrequirementsar":null,"cvss_basescore":"6.0","cvss_basevector":"AV:N/AC:M/Au:S/C:P/I:P/A:P","cvss_temporalscore":"4.7","cvss_environmentalscore":"3.5","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}