We noticed that Webmin security release notes (https://webmin.com/security/ ) mention a security fix related to the shell autocomplete feature was released in webmin 2.111 . However, we couldn’t find any specific details on the exact nature of this vulnerability or the commit that resolved it. Could anyone provide more information on:
1. The exact nature of this shell autocomplete vulnerability—was it related to privilege escalation, unauthorized access, or another issue?
2. The specific commit or code area that addressed this vulnerability?
3. If any CVE was assigned to this issue, or if there’s further documentation available on the scope of the fix?
4. Is it possible for us to patch this issue in earlier version of webmin rather than upgarding to later version entirely?
We are trying to understand if this issue impacts any custom shell or command configurations and to confirm the security of our installation. Any insights would be greatly appreciated!
Thank you in advance!
Last edit: Prasad 2024-11-10
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello Webmin team and community,
We noticed that Webmin security release notes (https://webmin.com/security/ ) mention a security fix related to the shell autocomplete feature was released in webmin 2.111 . However, we couldn’t find any specific details on the exact nature of this vulnerability or the commit that resolved it. Could anyone provide more information on:
1. The exact nature of this shell autocomplete vulnerability—was it related to privilege escalation, unauthorized access, or another issue?
2. The specific commit or code area that addressed this vulnerability?
3. If any CVE was assigned to this issue, or if there’s further documentation available on the scope of the fix?
4. Is it possible for us to patch this issue in earlier version of webmin rather than upgarding to later version entirely?
We are trying to understand if this issue impacts any custom shell or command configurations and to confirm the security of our installation. Any insights would be greatly appreciated!
Thank you in advance!
Last edit: Prasad 2024-11-10