Skip to content

GitLab

  • Menu
Projects Groups Snippets
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • I ISPConfig 3
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 551
    • Issues 551
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 41
    • Merge requests 41
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • ISPConfig
  • ISPConfig 3
  • Issues
  • #4869

Closed
Open
Created Dec 04, 2017 by Chris Kessler@mra

Authenticated local root vulnerability

There is an authenticated privilege escalation vulnerability in ispconfig 3.

An authenticated user or admin may inject arbitrary characters while creating a cron job resulting in a crontab being executed as the root user.

This has been tested and known to be working from the api.

CVE has been requested and is in progress.

Edited Dec 04, 2017 by Chris Kessler
Assignee
Assign to
Time tracking