{"id":"CVE-2018-1000080","details":"Ajenti version version 2 contains a Insecure Permissions vulnerability in Plugins download that can result in The download of any plugins as being a normal user. This attack appear to be exploitable via By knowing how the requisition is made, and sending it as a normal user, the server, in response, downloads the plugin.","aliases":["PYSEC-2018-109"],"modified":"2026-05-04T08:20:40.123725Z","published":"2018-03-13T15:29:00.847Z","withdrawn":"2026-05-04T08:20:40.123725Z","references":[{"type":"EVIDENCE","url":"https://medium.com/stolabs/security-issues-on-ajenti-d2b7526eaeee"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000080.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}