Type
Incident
Actors
Unknown
Pub. date
August 15, 2019
Initial access
Unknown
Impact
Supply chain attack
References
https://webmin.com/security/#remote-command-execution-cve-2019-15231
Status
Stub
Last edited
Jun 2, 2024 8:02 AM
An unknown threat actor compromised the Webmin build server, and inserted a backdoor RCE vulnerability into the Webmin source code that anyone could exploit if they were aware of its existence. This backdoor persisted for over 15 months, likely being exploited as a 0day by the threat actor, until Webmin identified and removed it.