What is CVE-2012-2983?

CVE-2012-2983 is a vulnerability in Gentoo Webmin, classified under Improper Authentication. Published 2012-09-11.

Is CVE-2012-2983 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Gentoo Webmin

CVE-2012-2983

file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.

Vulnerability class: Broken Authentication

EPSS: 0.540 (98.1th percentile) — read the EPSS interpretation.

Affected products

Gentoo Webmin — versions 1.140, 1.150, 1.160
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

rapid7/metasploit-framework

References

cret@cert.org (x_refsource_MISC)
VU#788478 (x_refsource_CERT-VN, US Government Resource, Patch, third-party-advisory)
1027507 (vdb-entry, x_refsource_SECTRACK)
cret@cert.org (x_refsource_MISC)
cret@cert.org (x_refsource_CONFIRM)
cret@cert.org (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2012-2983?: CVE-2012-2983 is a vulnerability in Gentoo Webmin, classified under Improper Authentication. Published 2012-09-11.
Is CVE-2012-2983 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.