CVE-2022-45130

Description

Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names ("Obsidian"), not numbers.

References

ExploitTechnical DescriptionVendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics