
Closed
Open
Opened Dec 04, 2017 by Chris Kessler (@mra)

Authenticated local root vulnerability

There is an authenticated privilege escalation vulnerability in ISPConfig 3.

An authenticated user or admin may inject arbitrary characters while creating a cron job, resulting in a crontab being executed as the root user.

This has been tested and is known to work from the API.

CVE has been requested and is in progress.

Edited Dec 04, 2017 by Chris Kessler
Milestone: 3.1.9
Reference: ispconfig/ispconfig3#4869
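
The report does not say which characters or which cron job fields are involved. The following is an added example, not ISPConfig code and not from the reporter: a server-side check that refuses cron job input which could span more than one crontab line or name a privileged account. The function name, the field allowlist, the username pattern and the rule that a job never runs as root are assumptions made for illustration.

```python
import re

# Assumed policy for this example: schedule fields may contain only
# digits and the cron operators * , - /
_FIELD_RE = re.compile(r"[0-9*,/-]+")
_FIELD_MAX = (59, 23, 31, 12, 7)  # minute, hour, day, month, weekday
_USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")  # assumed account naming


class CronInputError(ValueError):
    """Raised when a submitted cron job field must not reach the crontab."""


def build_cron_line(schedule, run_as, command):
    """Return one system-crontab line, or raise CronInputError."""
    if not isinstance(schedule, (list, tuple)) or len(schedule) != 5:
        raise CronInputError("schedule needs exactly five fields")
    if not isinstance(run_as, str) or not isinstance(command, str):
        raise CronInputError("user and command must be strings")
    for value, upper in zip(schedule, _FIELD_MAX):
        # fullmatch, not match(...$): '$' would accept a trailing newline.
        if not isinstance(value, str) or not _FIELD_RE.fullmatch(value):
            raise CronInputError(f"illegal schedule field {value!r}")
        if any(int(n) > upper for n in re.findall(r"[0-9]+", value)):
            raise CronInputError(f"schedule value out of range in {value!r}")
    # Assumed policy: a panel user's job never runs as root.
    if not _USER_RE.fullmatch(run_as) or run_as == "root":
        raise CronInputError(f"job may not run as {run_as!r}")
    # Any control character (newline, carriage return, NUL, ...) could end
    # the entry early or start another one, so the command is refused.
    if not command.strip() or any(
        ord(c) < 0x20 or ord(c) == 0x7F for c in command
    ):
        raise CronInputError("command is empty or contains control characters")
    line = " ".join([*schedule, run_as, command.strip()])
    # Final invariant: exactly one line is ever written per job.
    assert "\n" not in line and "\r" not in line
    return line
```

The check belongs on the server, at the point where the crontab line is assembled, so that API requests get the same validation as the web form.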