npm package
meshcentral
pkg:npm/meshcentral
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-26135 | — | < 1.1.21 | 1.1.21 | Feb 20, 2024 | MeshCentral is a full computer management web site. Versions prior to 1.1.21 a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. T | ||
| CVE-2023-51838 | — | <= 1.1.16 | — | Feb 2, 2024 | Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm. | ||
| CVE-2023-51837 | — | <= 1.1.16 | — | Jan 30, 2024 | Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation. | ||
| CVE-2023-51842 | — | < 1.1.17 | 1.1.17 | Jan 29, 2024 | An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16. |
- CVE-2024-26135Feb 20, 2024affected < 1.1.21fixed 1.1.21
MeshCentral is a full computer management web site. Versions prior to 1.1.21 a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. T
- CVE-2023-51838Feb 2, 2024affected <= 1.1.16
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.
- CVE-2023-51837Jan 30, 2024affected <= 1.1.16
Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation.
- CVE-2023-51842Jan 29, 2024affected < 1.1.17fixed 1.1.17
An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16.