PowerDNS DNSdist Cross-Origin Resource Sharing Misconfiguration Vulnerability Allowing Information Disclosure

Vulnerability

A vulnerability exists in PowerDNS DNSdist versions from 1.9.0 before 1.9.11 and from 2.0.0 before 2.0.2, where a misconfigured Cross-Origin Resource Sharing (CORS) policy can lead to information disclosure. When the internal webserver is enabled, an attacker may trick an administrator who is logged into the dashboard into visiting a malicious website, which can then potentially extract sensitive configuration information from the dashboard.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive configuration information from the DNSdist dashboard.

Remediation

Users can upgrade to PowerDNS DNSdist versions 1.9.12 or 2.0.3, or disable the internal webserver.
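
An added example, not part of the original advisory or of PowerDNS code: a small audit that checks whether a DNSdist version is below the upgrade targets named above and whether a Lua configuration still starts the internal webserver. It assumes the Lua-style configuration with the webserver("address:port") directive; the sample configuration and the function names are constructed for illustration.

```python
import re

# Upgrade targets named in the Remediation section, keyed by release branch.
UPGRADE_TARGETS = {(1, 9): (1, 9, 12), (2, 0): (2, 0, 3)}

def below_upgrade_target(version):
    """True if version is on a listed branch and older than its upgrade target."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    target = UPGRADE_TARGETS.get(parts[:2])
    return target is not None and parts < target

def strip_lua_comments(text):
    """Drop --[[ block ]] and -- line comments (string literals are not parsed)."""
    text = re.sub(r"--\[\[.*?\]\]", "", text, flags=re.S)
    return re.sub(r"--.*", "", text)

def active_webservers(lua_config):
    """Listen addresses of webserver("addr:port") calls that are not commented out."""
    code = strip_lua_comments(lua_config)
    return re.findall(r"""\bwebserver\s*\(\s*["']([^"']+)["']""", code)

def audit(version, lua_config):
    """Combine both checks: action is needed only if both conditions hold."""
    old = below_upgrade_target(version)
    listeners = active_webservers(lua_config)
    return {"below_upgrade_target": old,
            "webserver_listeners": listeners,
            "action_needed": old and bool(listeners)}

# Constructed sample configuration (not from a real deployment).
SAMPLE_CONFIG = '''
-- webserver("0.0.0.0:8083")
--[[ old dashboard
webserver("192.0.2.10:8083")
]]
webserver("127.0.0.1:8083")
newServer({address="192.0.2.53"})
'''

if __name__ == "__main__":
    for v in ("1.9.10", "2.0.3"):
        print(v, audit(v, SAMPLE_CONFIG))
```

A webserver bound to a loopback address is still reported, since the scenario described above goes through the administrator's own browser.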

Added: Mar 31, 2026, 12:31 PM
Updated: Mar 31, 2026, 12:31 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.9
exploitability: 6.4
remediation: 8.3
relevance: 5.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.