CVE-2021-31604 – OpenVPN Monitor 1.1.3 Cross Site Request Forgery
https://notcve.org/view.php?id=CVE-2021-31604
furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client. OpenVPN Monitor versions 1.1.3 and below suffer from a cross-site request forgery vulnerability that allows an attacker to disconnect arbitrary VPN clients.
• http://packetstormsecurity.com/files/164281/OpenVPN-Monitor-1.1.3-Cross-Site-Request-Forgery.html
• https://github.com/furlongm/openvpn-monitor/releases
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-31605 – OpenVPN Monitor 1.1.3 Command Injection
https://notcve.org/view.php?id=CVE-2021-31605
furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM. OpenVPN Monitor versions 1.1.3 and below suffer from an injection vulnerability that allows an attacker to inject arbitrary commands into the OpenVPN server management interface socket.
• http://packetstormsecurity.com/files/164278/OpenVPN-Monitor-1.1.3-Command-Injection.html
• https://github.com/furlongm/openvpn-monitor/releases
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-31606 – OpenVPN Monitor 1.1.3 Authorization Bypass / Denial Of Service
https://notcve.org/view.php?id=CVE-2021-31606
furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients. OpenVPN Monitor versions 1.1.3 and below suffer from an authorization bypass vulnerability that allows an attacker to disconnect arbitrary clients, even if the disconnect feature is disabled.
• http://packetstormsecurity.com/files/164274/OpenVPN-Monitor-1.1.3-Authorization-Bypass-Denial-Of-Service.html
• https://github.com/furlongm/openvpn-monitor/commit/ddb9d31ef0ec56f578bdacf99ebe9d68455ed8ca
• https://github.com/furlongm/openvpn-monitor/releases
• CWE-287: Improper Authentication