Plesk end customer can get admin rights

We just got the message that all Plesk versions from 12.x to 17.x have a Security vulnerability which allow the end user to read files of the psaadm user. This allows you to gain access to the admin user and to use e.g. commands as root user execute.

On 15.4. the gap is to be published by the manufacturer Plesk.

Until then, all Plesk servers must be updated to the latest version. 12.x updates have also been provided for the old End-of-Life versions.

How do I update my system?

via SSH e.g. simply execute the following command as root:

For Plesk 17.x:

plesk installer update

For Plesk 12.5:

plesk installer --select-release-current --reinstall-patch --upgrade-installed-components

For Plesk 12.0:

/usr/local/psa/admin/sbin/autoinstaller --select-product-id plesk --select-release-current --reinstall-patch --install-component panel

 

or in Plesk even via the update function. The best way to do this is to log in as admin and check for updates. In this context it also makes sense to update the operating system and activate the auto-update function.

 

Please divide the contribution
Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Share on whatsapp
Share on telegram
Latest posts

Recommended videos from our Youtube Channel