CVE-2022-0824: 
Webmin vulnerability analysis and mitigation

CVE-2022-0824 is an Improper Access Control vulnerability in GitHub repository webmin/webmin prior to version 1.990, affecting the File Manager module. The vulnerability was discovered on February 17th, 2022, and was fixed in version 1.990 released on March 3rd, 2022. Any authenticated low privilege user without access rights to the File Manager module could interact with second-level file manager functionalities (NetbyteSEC Blog).

The vulnerability exists because CGI scripts in authentic-theme/extensions/file-manager did not properly check that the user has access to the File Manager module. While first-level access control functionalities were properly protected, second-level functionalities remained accessible. Two key endpoints could be exploited: http_download.cgi for placing CGI scripts from remote URLs, and chmod.cgi for modifying file permissions. The vulnerability received a CVSS v3.1 score indicating high severity with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NetbyteSEC Blog).

Successful exploitation of this vulnerability allows an attacker to achieve Remote Code Execution via a crafted .cgi file by chaining file manager functionalities. The attacker can modify the OS file system and execute OS commands with root privileges, despite having low-privilege authentication (NetbyteSEC Blog).

The recommended mitigation is to update to Webmin version 1.990 or later. All systems with additional untrusted Webmin users should upgrade immediately. The vendor released security advisory and patches in version 1.990 on March 3rd, 2022 (NetbyteSEC Blog).