{"id":"CVE-2015-8368","details":"ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.","modified":"2024-09-18T02:14:54.899433Z","published":"2015-12-17T19:59:10Z","withdrawn":"2024-12-09T18:56:24.136646Z","references":[{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/134593/ntop-ng-2.0.15102-Privilege-Escalation.html"},{"type":"EVIDENCE","url":"http://seclists.org/fulldisclosure/2015/Dec/10"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/38836/"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2015-8368"}],"affected":[{"package":{"name":"ntopng","ecosystem":"Debian:13","purl":"pkg:deb/debian/ntopng?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2+dfsg1-1"}]}],"versions":["1.1+dfsg2-1","1.1+dfsg2-2","1.2.0+dfsg1-1","1.2.1+dfsg1-1","1.2.1+dfsg1-1.1","1.2.1+dfsg1-2","2.0+dfsg1-1"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-8368.json"}}],"schema_version":"1.7.3"}