Vulnerability Description
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name. The reset link is built from the HTTP Host header of the request that triggered the reset rather than from the panel's configured hostname, so an attacker who requests a reset for the victim's account with a forged Host header causes the victim's e-mail to carry a link to the attacker's server; when the victim clicks it, the reset token is delivered to the attacker, who can then complete the reset.
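The following is an added illustration of the pattern described above, written for this page; it is constructed example code, not code from VESTA, Hestia, or the referenced patch commit. It models a reset-link builder that trusts the Host header beside one that uses a configured canonical hostname, plus a Host allowlist check as defence in depth. `CANONICAL_HOST`, `ALLOWED_HOSTS`, the token format and the `attacker.example` request are all assumptions made for the example.

```python
"""Model of the Host-header password-reset flaw, as an illustration only.
This is constructed example code, not code from VESTA or Hestia."""
import hmac
import hashlib
import secrets
from urllib.parse import urlencode, urlparse

# Assumption: the panel has one configured canonical hostname (constructed value).
CANONICAL_HOST = "panel.example.com"
ALLOWED_HOSTS = {CANONICAL_HOST}


def make_reset_token(user, secret):
    """Random nonce bound to the user with an HMAC; a real panel would also store
    the token server-side with an expiry. Shown only so the URLs look realistic."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(secret, f"{user}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def build_reset_url_vulnerable(headers, user, token):
    """Vulnerable pattern: the link origin is taken from the client's Host header,
    so whoever sends the reset request chooses where the victim's token is sent."""
    host = headers.get("Host", CANONICAL_HOST)
    return f"https://{host}/reset/?" + urlencode({"user": user, "code": token})


def build_reset_url_fixed(headers, user, token):
    """Hardened pattern: the Host header is ignored and the link is built from the
    configured canonical hostname."""
    return f"https://{CANONICAL_HOST}/reset/?" + urlencode({"user": user, "code": token})


def host_is_trusted(headers, allowed=ALLOWED_HOSTS):
    """Defence in depth: reject the request outright when Host is not allowlisted.
    Strips an optional port and normalises case before comparing."""
    host = headers.get("Host", "").strip().lower()
    if host.startswith("["):            # bracketed IPv6 literal, e.g. [::1]:443
        host = host.split("]")[0] + "]"
    else:
        host = host.split(":")[0]
    return host in allowed


def link_host(url):
    """Hostname a reset link actually points at (where the victim's browser,
    and therefore the token in the query string, would go on click)."""
    return urlparse(url).hostname


def demo():
    secret = b"constructed-example-secret"
    token = make_reset_token("admin", secret)
    attacker_request = {"Host": "attacker.example"}   # constructed: forged Host header
    vulnerable = build_reset_url_vulnerable(attacker_request, "admin", token)
    fixed = build_reset_url_fixed(attacker_request, "admin", token)
    return {
        "vulnerable_link_goes_to": link_host(vulnerable),
        "fixed_link_goes_to": link_host(fixed),
        "request_accepted_by_allowlist": host_is_trusted(attacker_request),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

To check a panel for this class of bug, submit a password reset for a test account from a client that sets an arbitrary Host header (for example `curl -H 'Host: attacker.example'` against the reset endpoint) and inspect the link in the resulting e-mail: if the hostname follows the header, the link builder trusts client input. The allowlist check belongs in front of every handler, not only the reset one, since the same header also feeds redirects and absolute URLs elsewhere.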
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hestiacp | Control Panel | < 1.1.1 |
| Vestacp | Control Panel | <= 0.9.8-25 |
References
- https://github.com/hestiacp/hestiacp/issues/748 (Exploit, Third Party Advisory)
- https://github.com/hestiacp/hestiacp/releases/tag/1.1.1 (Third Party Advisory)
- https://github.com/serghey-rodin/vesta/commit/c3c4de43d6701560f604ca7996f717b08e (Patch, Third Party Advisory)
FAQ
What is CVE-2020-10966?
CVE-2020-10966 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.
How severe is CVE-2020-10966?
CVE-2020-10966 has been rated MEDIUM with a CVSS base score of 6.5/10. Although the rating is MEDIUM, successful exploitation results in takeover of a panel account, so affected installations should be patched promptly.
Is there a patch for CVE-2020-10966?
Yes. Hestia Control Panel 1.1.1 fixes the issue (see the release tag in the references), and for VESTA the referenced commit in serghey-rodin/vesta carries the patch. Affected products include: Hestiacp Control Panel (before 1.1.1) and Vestacp Control Panel (through 0.9.8-25).