CVE-2023-37650
https://notcve.org/view.php?id=CVE-2023-37650
A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands. • https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.6.0 https://www.ghostccamm.com/blog/multi_cockpit_vulns • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-1313 – Unrestricted Upload of File with Dangerous Type in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-1313
Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1. • https://github.com/cockpit-hq/cockpit/commit/becca806c7071ecc732521bb5ad0bb9c64299592 https://huntr.dev/bounties/f73eef49-004f-4b3b-9717-90525e65ba61 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-1160 – Use of Platform-Dependent Third Party Components in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-1160
Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0. • https://github.com/cockpit-hq/cockpit/commit/690016208850f2d788ebc3c67884d4c692587eb8 https://huntr.dev/bounties/3ce480dc-1b1c-4230-9287-0dc3b31c2f87 • CWE-1103: Use of Platform-Dependent Third Party Components
CVE-2023-0780 – Improper Restriction of Rendered UI Layers or Frames in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-0780
Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev. • https://github.com/cockpit-hq/cockpit/commit/8450bdf7e1dc23e9d88adf30a2aa9101c0c41720 https://huntr.dev/bounties/801efd0b-404b-4670-961a-12a986252fa4 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CVE-2023-0759 – Privilege Chaining in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-0759
Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8. • https://github.com/cockpit-hq/cockpit/commit/78d6ed3bf093ee11356ba66320c628c727068714 https://huntr.dev/bounties/49e2cccc-bb56-4633-ba6a-b3803e251347 • CWE-268: Privilege Chaining