HestiaCP Vulnerabilities - Security?

Hello,

Greetings from me, I’m very happy to see this lovely project now, continued from the abandoned vestacp.
I have used vestacp for more than 1 year with good performance but fewer options.
I see hestiacp with a lot of new features like multi PHP, two-factor authentication, better interface, new updates and a lot of new features I don’t know yet.

But the last version of vestacp had some vulnerabilities, so my question is: Has HestiaCP fixed those vulns?

Vulnerabilities:



https : // www. vulnerability - lab. com / get_content.php?id=2238 (as a new user I can’t post more than 2 links)

Thanks!

The loginas has been patched; however, the risk was pretty small

The 2nd didn’t affect Hestia

And the 3rd neither


Since we forked Vestacp in late 2018 we have implemented a large number of security fixes and improvements. This is the reason some of the security exploits discovered recently in Vestacp did not affect us.

The list of changes would be too large to post here but you can check the changelog on github if you are curious.

This being said, Hestiacp is not bulletproof and general security best practices must be followed as always. Still, we are committed to taking any security reports very seriously and fixing them in a timely manner.

Welcome to Hestiacp :wink:


The “Biggest” security issue of these 3 was probably the second one but didn’t affect Hestia.

In VestaCP I was able to reproduce the issue.

For https://www.vulnerability-lab.com/get_content.php?id=2240 we fixed it with
https://github.com/hestiacp/hestiacp/pull/1456

If you find a security issue, please report it and we will fix it as soon as possible.


Thank you very much for your response and your time. I wish you all the best!

Thanks mate. I really appreciate it!