CVSS: 9.8EPSS: 83%CPEs: 1EXPL: 3CVE-2020-35847 – Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection
https://notcve.org/view.php?id=CVE-2020-35847
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. Agentejo Cockpit versiones anteriores a 0.11.2, permite una inyección NoSQL por medio de la función resetpassword del archivo Controller/Auth.php. • https://www.exploit-db.com/exploits/50185 http://packetstormsecurity.com/files/162282/Cockpit-CMS-0.11.1-NoSQL-Injection-Remote-Command-Execution.html http://packetstormsecurity.com/files/163762/Cockpit-CMS-0.11.1-NoSQL-Injection.html https://getcockpit.com https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00c466 https://github.com/agentejo/cockpit/commit/33e7199575631ba1f74cba6b16b10c820bec59af https://github.com/agentejo/cockpit/commit/79fc9631ffa29146e3124ceaf99879b92e1ef24b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-14408
https://notcve.org/view.php?id=CVE-2020-14408
An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack vector. Se detectó un problema en Agentejo Cockpit versión 0.10.2. El saneamiento insuficiente del parámetro to en la ruta /auth/login permite una inyección de código arbitrario de JavaScript en el contenido de una página web, creando un vector de ataque de tipo XSS Reflejado • https://github.com/agentejo/cockpit/issues/1310 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-3804 – cockpit: Crash when parsing invalid base64 headers
https://notcve.org/view.php?id=CVE-2019-3804
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash. Se ha detectado que cockpit, en versiones anteriores a la 184, empleaba incorrectamente la funcionalidad de descodificación de base64 de glib, lo que resultaba en un ataque de denegación de servicio (DoS). Un atacante no autenticado podría enviar una petición especialmente manipulada con una cookie no válida codificada en base64, lo que podría provocar el cierre inesperado del servicio web. It was found that cockpit used glib's base64 decode functionality incorrectly resulting in a denial of service attack. • https://access.redhat.com/errata/RHSA-2019:1569 https://access.redhat.com/errata/RHSA-2019:1571 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3804 https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12 https://github.com/cockpit-project/cockpit/pull/10819 https://access.redhat.com/security/cve/CVE-2019-3804 https://bugzilla.redhat.com/show_bug.cgi?id=1663567 • CWE-909: Missing Initialization of Resource •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11471
https://notcve.org/view.php?id=CVE-2018-11471
Cockpit 0.5.5 has XSS via a collection, form, or region. Cockpit 0.5.5 tiene Cross-Site Scripting (XSS) mediante collection, form, o region. • https://github.com/nikhil1232/Cockpit-CMS-XSS-POC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 16%CPEs: 1EXPL: 2CVE-2018-9302 – Cockpit CMS 0.4.4 < 0.5.5 - Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2018-9302
SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which was about version 0.13.0, which (surprisingly) is an earlier version than 0.4.4. SSRF (Server Side Request Forgery) en /assets/lib/fuc.js.php en Cockpit 0.4.4 hasta la versión 0.5.5 permite que atacantes remotos lean archivos arbitrarios o envíen tráfico TCP a hosts de la intranet mediante el parámetro url. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2017-14611, que estaba aproximadamente en la versión 0.13.0 y que (sorprendentemente) es una versión anterior a la 0.4.4. Cockpit CMS versions 0.4.4 through 0.5.5 suffer from a server-side request forgery vulnerability. • https://www.exploit-db.com/exploits/44567 http://seclists.org/fulldisclosure/2018/May/10 • CWE-918: Server-Side Request Forgery (SSRF) •