CVE-2021-3660 – cockpit: pages vulnerable to clickjacking
https://notcve.org/view.php?id=CVE-2021-3660
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks. Cockpit (y sus plugins) no parecen protegerse contra un ataque de clickjacking. Es posible renderizar una página de un servidor de Cockpit por medio de otro sitio web, dentro de una entrada HTML (iFrame). • https://bugzilla.redhat.com/show_bug.cgi?id=1980688 https://github.com/cockpit-project/cockpit/commit/8d9bc10d8128aae03dfde62fd00075fe492ead10 https://github.com/cockpit-project/cockpit/issues/16122 https://access.redhat.com/security/cve/CVE-2021-3660 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2020-35131
https://notcve.org/view.php?id=CVE-2020-35131
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI. Cockpit versiones anteriores a 0.6.1, permite a un atacante inyectar código PHP personalizado y lograr una Ejecución de Comandos Remota por medio de la función registerCriteriaFunction en la biblioteca lib/MongoLite/Database.php, como es demostrado por los valores en los datos JSON en el URI /auth/check o /auth/requestreset • https://github.com/agentejo/cockpit/commits/next/lib/MongoLite/Database.php https://github.com/agentejo/cockpit/releases/tag/0.6.1 https://www.exploit-db.com/exploits/49390 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2020-35850
https://notcve.org/view.php?id=CVE-2020-35850
An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't think [it] is a big real-life issue. ** EN DISPUTA ** Se detectó un problema de tipo SSRF en cockpit-project.org Cockpit versión 234. NOTA: esto no está relacionado con el producto Agentejo Cockpit. NOTA: el proveedor declara "I don't think (it) is a big real-life issue" • https://github.com/cockpit-project/cockpit/issues/15077 https://github.com/passtheticket/vulnerability-research/blob/main/cockpitProject/README.md • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2020-35846 – Cockpit CMS 0.11.1 NoSQL Injection / Remote Command Execution
https://notcve.org/view.php?id=CVE-2020-35846
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. Agentejo Cockpit versiones anteriores a 0.11.2, permite una inyección NoSQL por medio de la función check del archivo Controller/Auth.php. • https://github.com/JohnHammond/CVE-2020-35846 https://github.com/0z09e/CVE-2020-35846 http://packetstormsecurity.com/files/162282/Cockpit-CMS-0.11.1-NoSQL-Injection-Remote-Command-Execution.html https://getcockpit.com https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00c466 https://github.com/agentejo/cockpit/commit/33e7199575631ba1f74cba6b16b10c820bec59af https://github.com/agentejo/cockpit/commit/79fc9631ffa29146e3124ceaf99879b92e1ef24b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-35848 – Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection
https://notcve.org/view.php?id=CVE-2020-35848
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function. Agentejo Cockpit versiones anteriores a 0.11.2, permite una inyección NoSQL por medio de la función newpassword del archivo Controller/Auth.php. • https://www.exploit-db.com/exploits/50185 http://packetstormsecurity.com/files/163762/Cockpit-CMS-0.11.1-NoSQL-Injection.html https://getcockpit.com https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00c466 https://github.com/agentejo/cockpit/commit/33e7199575631ba1f74cba6b16b10c820bec59af https://github.com/agentejo/cockpit/commit/79fc9631ffa29146e3124ceaf99879b92e1ef24b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •