CVE-2020-14408
https://notcve.org/view.php?id=CVE-2020-14408
An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack vector. Se detectó un problema en Agentejo Cockpit versión 0.10.2. El saneamiento insuficiente del parámetro to en la ruta /auth/login permite una inyección de código arbitrario de JavaScript en el contenido de una página web, creando un vector de ataque de tipo XSS Reflejado • https://github.com/agentejo/cockpit/issues/1310 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-3804 – cockpit: Crash when parsing invalid base64 headers
https://notcve.org/view.php?id=CVE-2019-3804
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash. Se ha detectado que cockpit, en versiones anteriores a la 184, empleaba incorrectamente la funcionalidad de descodificación de base64 de glib, lo que resultaba en un ataque de denegación de servicio (DoS). Un atacante no autenticado podría enviar una petición especialmente manipulada con una cookie no válida codificada en base64, lo que podría provocar el cierre inesperado del servicio web. It was found that cockpit used glib's base64 decode functionality incorrectly resulting in a denial of service attack. • https://access.redhat.com/errata/RHSA-2019:1569 https://access.redhat.com/errata/RHSA-2019:1571 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3804 https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12 https://github.com/cockpit-project/cockpit/pull/10819 https://access.redhat.com/security/cve/CVE-2019-3804 https://bugzilla.redhat.com/show_bug.cgi?id=1663567 • CWE-909: Missing Initialization of Resource •
CVE-2018-11471
https://notcve.org/view.php?id=CVE-2018-11471
Cockpit 0.5.5 has XSS via a collection, form, or region. Cockpit 0.5.5 tiene Cross-Site Scripting (XSS) mediante collection, form, o region. • https://github.com/nikhil1232/Cockpit-CMS-XSS-POC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-9302 – Cockpit CMS 0.4.4 < 0.5.5 - Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2018-9302
SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which was about version 0.13.0, which (surprisingly) is an earlier version than 0.4.4. SSRF (Server Side Request Forgery) en /assets/lib/fuc.js.php en Cockpit 0.4.4 hasta la versión 0.5.5 permite que atacantes remotos lean archivos arbitrarios o envíen tráfico TCP a hosts de la intranet mediante el parámetro url. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2017-14611, que estaba aproximadamente en la versión 0.13.0 y que (sorprendentemente) es una versión anterior a la 0.4.4. Cockpit CMS versions 0.4.4 through 0.5.5 suffer from a server-side request forgery vulnerability. • https://www.exploit-db.com/exploits/44567 http://seclists.org/fulldisclosure/2018/May/10 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2017-14611 – Cockpit CMS 0.5.5 Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2017-14611
SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component. SSRF (Server Side Request Forgery) en Cockpit 0.13.0 permite que atacantes remotos lean archivos arbitrarios o envíen tráfico TCP a los hosts de la intranet mediante el parámetro url. Esto está relacionado con el uso del componente descontinuado aheinze/fetch_url_contents. Cockpit CMS versions 0.4.4 through 0.5.5 suffer from a server-side request forgery vulnerability. • http://seclists.org/fulldisclosure/2018/Apr/15 • CWE-918: Server-Side Request Forgery (SSRF) •