CVE-2024-44765

EUVD-2024-41096
An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
mgt-commercecloudpanel
2.0.0 ≤
𝑥
< 2.4.2
ADP
Common Weakness Enumeration
References
http://mgt-commerce.com
https://github.com/EagleTube/CloudPanel/tree/main/CVE-2024-44765