CVE-2023-0780 – Improper Restriction of Rendered UI Layers or Frames in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-0780
Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev.
References: https://github.com/cockpit-hq/cockpit/commit/8450bdf7e1dc23e9d88adf30a2aa9101c0c41720 https://huntr.dev/bounties/801efd0b-404b-4670-961a-12a986252fa4
Weakness: CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CVE-2023-0759 – Privilege Chaining in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-0759
Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8.
References: https://github.com/cockpit-hq/cockpit/commit/78d6ed3bf093ee11356ba66320c628c727068714 https://huntr.dev/bounties/49e2cccc-bb56-4633-ba6a-b3803e251347
Weakness: CWE-268: Privilege Chaining
CVE-2022-2818 – Improper Removal of Sensitive Information Before Storage or Transfer in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2022-2818
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2. (The Spanish-language record describes the same entry as an Authentication Bypass by Primary Weakness in the GitHub repository cockpit-hq/cockpit in versions prior to 2.2.2.)
References: https://github.com/cockpit-hq/cockpit/commit/4bee1b903ee20818f4a8ecb9d974b9536cc54cb4 https://huntr.dev/bounties/ee27e5df-516b-4cf4-9f28-346d907b5491
Weakness: CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2022-2713 – Insufficient Session Expiration in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2022-2713
Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0.
References: https://github.com/cockpit-hq/cockpit/commit/dd8d0314912fa6517ebd2cc9939d9fafbe68731b https://huntr.dev/bounties/3080fc96-75d7-4868-84de-9fc8c9b90290
Weakness: CWE-613: Insufficient Session Expiration
CVE-2020-35131
https://notcve.org/view.php?id=CVE-2020-35131
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI.
References: https://github.com/agentejo/cockpit/commits/next/lib/MongoLite/Database.php https://github.com/agentejo/cockpit/releases/tag/0.6.1 https://www.exploit-db.com/exploits/49390
Weakness: CWE-94: Improper Control of Generation of Code ('Code Injection')