Vulnerabilities > CVE-2021-30070 - Unspecified vulnerability in Hestiacp
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- https://github.com/hestiacp/hestiacp/commit/27556a9a43aeaf308b33be224c2e70f2011574e6
- https://github.com/hestiacp/hestiacp/commit/27556a9a43aeaf308b33be224c2e70f2011574e6
- https://github.com/hestiacp/hestiacp/commit/9a1fccd37f2842fdf96ffb48895c4bfa9788c469
- https://github.com/hestiacp/hestiacp/commit/9a1fccd37f2842fdf96ffb48895c4bfa9788c469