CVE-2023-0391

CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate

Vendor Mgt-Commerce
Product CloudPanel
Weakness CWE-321
Published March 21, 2023
Last update February 26, 2025

CVSS base score

What the vulnerability does

01Description

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.

Key dates

02Disclosure timeline

March 21, 2023 CVE published
February 26, 2025 Record updated