CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Jul 2023 — Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive data. • https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.6.0 •

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 1

20 Jul 2023 — A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands. • https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.6.0 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Mar 2023 — Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1. • https://github.com/cockpit-hq/cockpit/commit/becca806c7071ecc732521bb5ad0bb9c64299592 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Mar 2023 — Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0. • https://github.com/cockpit-hq/cockpit/commit/690016208850f2d788ebc3c67884d4c692587eb8 • CWE-1103: Use of Platform-Dependent Third Party Components •

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Feb 2023 — Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in `htmleditor.js` may lead to cross-site scripting (XSS) issues. There are no known patches for this issue. • https://github.com/agentejo/cockpit/blob/f7cd602bcc6134657ccfeb4e400b0050943dd243/assets/lib/uikit/js/components/htmleditor.js • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

11 Feb 2023 — Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev. • https://github.com/cockpit-hq/cockpit/commit/8450bdf7e1dc23e9d88adf30a2aa9101c0c41720 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

09 Feb 2023 — Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8. • https://github.com/cockpit-hq/cockpit/commit/78d6ed3bf093ee11356ba66320c628c727068714 • CWE-268: Privilege Chaining •

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 1

15 Aug 2022 — Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2. Authentication Bypass by Primary Weakness in the GitHub repository cockpit-hq/cockpit in versions prior to 2.2.2. • https://github.com/cockpit-hq/cockpit/commit/4bee1b903ee20818f4a8ecb9d974b9536cc54cb4 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 1

08 Aug 2022 — Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0. • https://github.com/cockpit-hq/cockpit/commit/dd8d0314912fa6517ebd2cc9939d9fafbe68731b • CWE-613: Insufficient Session Expiration •

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

08 Mar 2022 — A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality. • https://bugzilla.redhat.com/show_bug.cgi?id=1992149 • CWE-295: Improper Certificate Validation •