CVE-2021-27231

Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages.
Configurations

Configuration 1 (hide)

cpe:2.3:a:hestiacp:control_panel:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:57

Type Values Removed Values Added
References () https://github.com/hestiacp/hestiacp/issues/1622 - Third Party Advisory () https://github.com/hestiacp/hestiacp/issues/1622 - Third Party Advisory
References () https://github.com/sickcodes/security/blob/master/advisories/sick-2021-006.md - Broken Link () https://github.com/sickcodes/security/blob/master/advisories/sick-2021-006.md - Broken Link
References () https://sick.codes/sick-2021-006 - Exploit, Third Party Advisory () https://sick.codes/sick-2021-006 - Exploit, Third Party Advisory
References () https://www.hestiacp.com/ - Vendor Advisory () https://www.hestiacp.com/ - Vendor Advisory

03 Jun 2021, 16:50

Type Values Removed Values Added
References (MISC) https://github.com/sickcodes/security/blob/master/advisories/sick-2021-006.md - (MISC) https://github.com/sickcodes/security/blob/master/advisories/sick-2021-006.md - Broken Link
References (MISC) https://sick.codes/sick-2021-006 - (MISC) https://sick.codes/sick-2021-006 - Exploit, Third Party Advisory

27 May 2021, 16:15

Type Values Removed Values Added
References
  • (MISC) https://github.com/sickcodes/security/blob/master/advisories/sick-2021-006.md -
  • (MISC) https://sick.codes/sick-2021-006 -
Summary Hestia Control Panel through 1.3.3, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages. Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages.

Information

Published : 2021-02-16 04:15

Updated : 2024-11-21 05:57


NVD link : CVE-2021-27231

Mitre link : CVE-2021-27231

CVE.ORG link : CVE-2021-27231


JSON object : View

Products Affected

hestiacp

  • control_panel