Oxidized Web Unauthenticated User Control Vulnerability via RANCID Migration Page

Vulnerability

A vulnerability in Oxidized Web versions prior to 0.15.0 allows an unauthenticated user to take control of the Linux user account running the application. This issue arises from the RANCID migration page, which could be exploited by sending crafted requests. The vulnerability has been addressed by removing the migration page in version 0.15.0.

Impact

Exploitation of this vulnerability could lead to unauthorized control over the Linux user account running Oxidized Web.

Remediation

Users can upgrade to Oxidized Web version 0.15.0 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 7.5
exploitability: 7.7
remediation: 7.7
relevance: 0.0
threat: 3.5
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.