Plesk & SocialBee have teamed up. Save 30% now!

Knowledge Base

Vulnerability CVE-2023-24044

Situation

Vulnerability CVE-2023-24044 in Plesk versions up to and including Obsidian 18.0.49 was reported.

Impact

Plesk Security team considers the vulnerability invalid, so Plesk is not affected.

The ability to use arbitrary domain names to access the panel is a feature of Plesk done by Plesk users request.
Web cache poisoning attack is not possible, because the HTTP response contains:
Cache-Control: no-store, no-cache, must-revalidate
We are not aware of any other attacks that allow an attacker to redirect a victim from the Plesk login page to a malicious website via the HTTP request header "Host".

Call to Action

No actions are required.

Related Posts

Plesk Obsidian 18.0.62 is now available

Plesk Obsidian 18.0.61 Release

HTTP Response Status Codes Explained

Knowledge Base

How to configure varnish cache for a domain in Plesk?

Let’s Encrypt certificate installation fails for a domain in Plesk for Windows Server: The authorization token is not available

How to disable Permanent SEO-safe 301 redirect from HTTP to HTTPS by default in Plesk Obsidian?

Microsoft Windows Server 2008R2, Server 2012, Server 2012R2 and Server 2016 are vulnerable to Juicy Potato exploit

Hosting Wiki