Vulnerabilites related to cockpit-hq - cockpit-hq/cockpit
CVE-2023-4451 (GCVE-0-2023-4451)
Vulnerability from cvelistv5
Published
2023-08-20 14:04
Modified
2024-10-02 15:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cockpit-hq | cockpit-hq/cockpit |
Version: unspecified < 2.6.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4e111c3e-6cf3-4b4c-b3c1-a540bf30f8fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cockpit-hq/cockpit/commit/30609466c817e39f9de1871559603e93cd4d0d0c"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cockpit-hq:cockpit:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.6.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4451",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T15:07:39.506485Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:17:48.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cockpit-hq/cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.6.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-20T14:04:35.553Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/4e111c3e-6cf3-4b4c-b3c1-a540bf30f8fa"
},
{
"url": "https://github.com/cockpit-hq/cockpit/commit/30609466c817e39f9de1871559603e93cd4d0d0c"
}
],
"source": {
"advisory": "4e111c3e-6cf3-4b4c-b3c1-a540bf30f8fa",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4451",
"datePublished": "2023-08-20T14:04:35.553Z",
"dateReserved": "2023-08-20T14:04:23.983Z",
"dateUpdated": "2024-10-02T15:17:48.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1313 (GCVE-0-2023-1313)
Vulnerability from cvelistv5
Published
2023-03-10 00:00
Modified
2025-03-03 20:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cockpit-hq | cockpit-hq/cockpit |
Version: unspecified < 2.4.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/f73eef49-004f-4b3b-9717-90525e65ba61"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cockpit-hq/cockpit/commit/becca806c7071ecc732521bb5ad0bb9c64299592"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1313",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T20:58:03.382708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T20:58:13.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cockpit-hq/cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/f73eef49-004f-4b3b-9717-90525e65ba61"
},
{
"url": "https://github.com/cockpit-hq/cockpit/commit/becca806c7071ecc732521bb5ad0bb9c64299592"
}
],
"source": {
"advisory": "f73eef49-004f-4b3b-9717-90525e65ba61",
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type in cockpit-hq/cockpit"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1313",
"datePublished": "2023-03-10T00:00:00.000Z",
"dateReserved": "2023-03-10T00:00:00.000Z",
"dateUpdated": "2025-03-03T20:58:13.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4195 (GCVE-0-2023-4195)
Vulnerability from cvelistv5
Published
2023-08-06 17:02
Modified
2024-10-09 18:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Summary
PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cockpit-hq | cockpit-hq/cockpit |
Version: unspecified < 2.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/0bd5da2f-0e29-47ce-90f3-06518656bfd6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cockpit-hq/cockpit/commit/800c05f1984db291769ffa5fdfb1d3e50968e95b"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cockpit-hq:cockpit:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4195",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T17:59:21.316165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T18:17:36.026Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cockpit-hq/cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.6.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-06T17:02:14.990Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/0bd5da2f-0e29-47ce-90f3-06518656bfd6"
},
{
"url": "https://github.com/cockpit-hq/cockpit/commit/800c05f1984db291769ffa5fdfb1d3e50968e95b"
}
],
"source": {
"advisory": "0bd5da2f-0e29-47ce-90f3-06518656bfd6",
"discovery": "EXTERNAL"
},
"title": "PHP Remote File Inclusion in cockpit-hq/cockpit"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4195",
"datePublished": "2023-08-06T17:02:14.990Z",
"dateReserved": "2023-08-06T17:02:03.329Z",
"dateUpdated": "2024-10-09T18:17:36.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4433 (GCVE-0-2023-4433)
Vulnerability from cvelistv5
Published
2023-08-19 00:59
Modified
2024-10-02 15:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cockpit-hq | cockpit-hq/cockpit |
Version: unspecified < 2.6.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/64f3253d-6852-4b9f-b870-85e896007b1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cockpit-hq/cockpit/commit/36d1d4d256cbbab028342ba10cc493e5c119172c"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cockpit-hq:cockpit:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.6.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4433",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T15:32:49.145633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:35:25.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cockpit-hq/cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.6.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-19T00:59:33.147Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/64f3253d-6852-4b9f-b870-85e896007b1a"
},
{
"url": "https://github.com/cockpit-hq/cockpit/commit/36d1d4d256cbbab028342ba10cc493e5c119172c"
}
],
"source": {
"advisory": "64f3253d-6852-4b9f-b870-85e896007b1a",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4433",
"datePublished": "2023-08-19T00:59:33.147Z",
"dateReserved": "2023-08-19T00:59:23.182Z",
"dateUpdated": "2024-10-02T15:35:25.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4321 (GCVE-0-2023-4321)
Vulnerability from cvelistv5
Published
2023-08-14 10:26
Modified
2024-10-03 19:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cockpit-hq | cockpit-hq/cockpit |
Version: unspecified < 2.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/fce38751-bfd6-484c-b6e1-935e0aa8ffdc"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cockpit-hq/cockpit/commit/34ab31ee9362da51b9709e178469dbffd7717249"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cockpit-hq:cockpit:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.4.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4321",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T19:55:19.748106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T19:55:50.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cockpit-hq/cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T10:26:07.663Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/fce38751-bfd6-484c-b6e1-935e0aa8ffdc"
},
{
"url": "https://github.com/cockpit-hq/cockpit/commit/34ab31ee9362da51b9709e178469dbffd7717249"
}
],
"source": {
"advisory": "fce38751-bfd6-484c-b6e1-935e0aa8ffdc",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4321",
"datePublished": "2023-08-14T10:26:07.663Z",
"dateReserved": "2023-08-14T10:25:55.495Z",
"dateUpdated": "2024-10-03T19:55:50.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4422 (GCVE-0-2023-4422)
Vulnerability from cvelistv5
Published
2023-08-18 18:35
Modified
2024-10-03 14:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cockpit-hq | cockpit-hq/cockpit |
Version: unspecified < 2.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/2e12b773-b6a2-48da-a4bb-55d5d1307d2e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cockpit-hq/cockpit/commit/b8dad5e070608bb5e4ec58fabbee101b5af737cf"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cockpit-hq:cockpit:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4422",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T14:16:41.962398Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T14:19:59.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cockpit-hq/cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.6.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T18:35:17.611Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/2e12b773-b6a2-48da-a4bb-55d5d1307d2e"
},
{
"url": "https://github.com/cockpit-hq/cockpit/commit/b8dad5e070608bb5e4ec58fabbee101b5af737cf"
}
],
"source": {
"advisory": "2e12b773-b6a2-48da-a4bb-55d5d1307d2e",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4422",
"datePublished": "2023-08-18T18:35:17.611Z",
"dateReserved": "2023-08-18T18:35:06.714Z",
"dateUpdated": "2024-10-03T14:19:59.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2713 (GCVE-0-2022-2713)
Vulnerability from cvelistv5
Published
2022-08-08 14:30
Modified
2024-08-03 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-613 - Insufficient Session Expiration
Summary
Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cockpit-hq | cockpit-hq/cockpit |
Version: unspecified < 2.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:03.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3080fc96-75d7-4868-84de-9fc8c9b90290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cockpit-hq/cockpit/commit/dd8d0314912fa6517ebd2cc9939d9fafbe68731b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cockpit-hq/cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-08T14:30:13",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3080fc96-75d7-4868-84de-9fc8c9b90290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cockpit-hq/cockpit/commit/dd8d0314912fa6517ebd2cc9939d9fafbe68731b"
}
],
"source": {
"advisory": "3080fc96-75d7-4868-84de-9fc8c9b90290",
"discovery": "EXTERNAL"
},
"title": "Insufficient Session Expiration in cockpit-hq/cockpit",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2713",
"STATE": "PUBLIC",
"TITLE": "Insufficient Session Expiration in cockpit-hq/cockpit"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "cockpit-hq/cockpit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "cockpit-hq"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-613 Insufficient Session Expiration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3080fc96-75d7-4868-84de-9fc8c9b90290",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3080fc96-75d7-4868-84de-9fc8c9b90290"
},
{
"name": "https://github.com/cockpit-hq/cockpit/commit/dd8d0314912fa6517ebd2cc9939d9fafbe68731b",
"refsource": "MISC",
"url": "https://github.com/cockpit-hq/cockpit/commit/dd8d0314912fa6517ebd2cc9939d9fafbe68731b"
}
]
},
"source": {
"advisory": "3080fc96-75d7-4868-84de-9fc8c9b90290",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2713",
"datePublished": "2022-08-08T14:30:13",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T00:46:03.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0780 (GCVE-0-2023-0780)
Vulnerability from cvelistv5
Published
2023-02-11 00:00
Modified
2025-03-24 17:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Summary
Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cockpit-hq | cockpit-hq/cockpit |
Version: unspecified < 2.3.9-dev |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/801efd0b-404b-4670-961a-12a986252fa4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cockpit-hq/cockpit/commit/8450bdf7e1dc23e9d88adf30a2aa9101c0c41720"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0780",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T17:48:01.615953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T17:48:07.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cockpit-hq/cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.3.9-dev",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-11T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/801efd0b-404b-4670-961a-12a986252fa4"
},
{
"url": "https://github.com/cockpit-hq/cockpit/commit/8450bdf7e1dc23e9d88adf30a2aa9101c0c41720"
}
],
"source": {
"advisory": "801efd0b-404b-4670-961a-12a986252fa4",
"discovery": "EXTERNAL"
},
"title": "Improper Restriction of Rendered UI Layers or Frames in cockpit-hq/cockpit"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0780",
"datePublished": "2023-02-11T00:00:00.000Z",
"dateReserved": "2023-02-11T00:00:00.000Z",
"dateUpdated": "2025-03-24T17:48:07.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0759 (GCVE-0-2023-0759)
Vulnerability from cvelistv5
Published
2023-02-09 00:00
Modified
2025-03-24 18:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-268 - Privilege Chaining
Summary
Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cockpit-hq | cockpit-hq/cockpit |
Version: unspecified < 2.3.8 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/49e2cccc-bb56-4633-ba6a-b3803e251347"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cockpit-hq/cockpit/commit/78d6ed3bf093ee11356ba66320c628c727068714"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0759",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T18:13:49.253299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T18:14:23.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cockpit-hq/cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.3.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "CWE-268 Privilege Chaining",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-09T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/49e2cccc-bb56-4633-ba6a-b3803e251347"
},
{
"url": "https://github.com/cockpit-hq/cockpit/commit/78d6ed3bf093ee11356ba66320c628c727068714"
}
],
"source": {
"advisory": "49e2cccc-bb56-4633-ba6a-b3803e251347",
"discovery": "EXTERNAL"
},
"title": "Privilege Chaining in cockpit-hq/cockpit"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0759",
"datePublished": "2023-02-09T00:00:00.000Z",
"dateReserved": "2023-02-09T00:00:00.000Z",
"dateUpdated": "2025-03-24T18:14:23.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1160 (GCVE-0-2023-1160)
Vulnerability from cvelistv5
Published
2023-03-03 00:00
Modified
2025-03-07 21:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1103 - Use of Platform-Dependent Third Party Components
Summary
Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cockpit-hq | cockpit-hq/cockpit |
Version: unspecified < 2.4.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:58.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3ce480dc-1b1c-4230-9287-0dc3b31c2f87"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cockpit-hq/cockpit/commit/690016208850f2d788ebc3c67884d4c692587eb8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1160",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T21:42:30.764587Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T21:42:46.610Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cockpit-hq/cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1103",
"description": "CWE-1103 Use of Platform-Dependent Third Party Components",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-03T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3ce480dc-1b1c-4230-9287-0dc3b31c2f87"
},
{
"url": "https://github.com/cockpit-hq/cockpit/commit/690016208850f2d788ebc3c67884d4c692587eb8"
}
],
"source": {
"advisory": "3ce480dc-1b1c-4230-9287-0dc3b31c2f87",
"discovery": "EXTERNAL"
},
"title": "Use of Platform-Dependent Third Party Components in cockpit-hq/cockpit"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1160",
"datePublished": "2023-03-03T00:00:00.000Z",
"dateReserved": "2023-03-03T00:00:00.000Z",
"dateUpdated": "2025-03-07T21:42:46.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4395 (GCVE-0-2023-4395)
Vulnerability from cvelistv5
Published
2023-08-17 03:52
Modified
2024-10-03 14:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cockpit-hq | cockpit-hq/cockpit |
Version: unspecified < 2.6.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/60e38563-7ac8-4a13-ac04-2980cc48b0da"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cockpit-hq/cockpit/commit/36d1d4d256cbbab028342ba10cc493e5c119172c"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cockpit-hq:cockpit:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.6.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4395",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T14:40:30.455837Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T14:41:07.579Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cockpit-hq/cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.6.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T03:52:35.093Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/60e38563-7ac8-4a13-ac04-2980cc48b0da"
},
{
"url": "https://github.com/cockpit-hq/cockpit/commit/36d1d4d256cbbab028342ba10cc493e5c119172c"
}
],
"source": {
"advisory": "60e38563-7ac8-4a13-ac04-2980cc48b0da",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4395",
"datePublished": "2023-08-17T03:52:35.093Z",
"dateReserved": "2023-08-17T03:52:23.716Z",
"dateUpdated": "2024-10-03T14:41:07.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4196 (GCVE-0-2023-4196)
Vulnerability from cvelistv5
Published
2023-08-06 17:32
Modified
2024-10-09 18:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cockpit-hq | cockpit-hq/cockpit |
Version: unspecified < 2.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/c275a2d4-721f-49f7-8787-b146af2056a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cockpit-hq/cockpit/commit/039a00cc310bff128ca6e6c1c46c6fbad0385c2c"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cockpit-hq:cockpit:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4196",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T17:56:16.553358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T18:16:38.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cockpit-hq/cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.6.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-06T17:32:11.398Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/c275a2d4-721f-49f7-8787-b146af2056a0"
},
{
"url": "https://github.com/cockpit-hq/cockpit/commit/039a00cc310bff128ca6e6c1c46c6fbad0385c2c"
}
],
"source": {
"advisory": "c275a2d4-721f-49f7-8787-b146af2056a0",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4196",
"datePublished": "2023-08-06T17:32:11.398Z",
"dateReserved": "2023-08-06T17:31:59.943Z",
"dateUpdated": "2024-10-09T18:16:38.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2818 (GCVE-0-2022-2818)
Vulnerability from cvelistv5
Published
2022-08-15 09:50
Modified
2024-08-03 00:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
Summary
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cockpit-hq | cockpit-hq/cockpit |
Version: unspecified < 2.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:58.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/ee27e5df-516b-4cf4-9f28-346d907b5491"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cockpit-hq/cockpit/commit/4bee1b903ee20818f4a8ecb9d974b9536cc54cb4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "cockpit-hq/cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.\u003c/p\u003e"
}
],
"value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-212",
"description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:56:22.914Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/ee27e5df-516b-4cf4-9f28-346d907b5491"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cockpit-hq/cockpit/commit/4bee1b903ee20818f4a8ecb9d974b9536cc54cb4"
}
],
"source": {
"advisory": "ee27e5df-516b-4cf4-9f28-346d907b5491",
"discovery": "EXTERNAL"
},
"title": "Improper Removal of Sensitive Information Before Storage or Transfer in cockpit-hq/cockpit",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2818",
"STATE": "PUBLIC",
"TITLE": "Authentication Bypass by Primary Weakness in cockpit-hq/cockpit"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "cockpit-hq/cockpit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.2.2"
}
]
}
}
]
},
"vendor_name": "cockpit-hq"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass by Primary Weakness in GitHub repository cockpit-hq/cockpit prior to 2.2.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305 Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ee27e5df-516b-4cf4-9f28-346d907b5491",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ee27e5df-516b-4cf4-9f28-346d907b5491"
},
{
"name": "https://github.com/cockpit-hq/cockpit/commit/4bee1b903ee20818f4a8ecb9d974b9536cc54cb4",
"refsource": "MISC",
"url": "https://github.com/cockpit-hq/cockpit/commit/4bee1b903ee20818f4a8ecb9d974b9536cc54cb4"
}
]
},
"source": {
"advisory": "ee27e5df-516b-4cf4-9f28-346d907b5491",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2818",
"datePublished": "2022-08-15T09:50:24",
"dateReserved": "2022-08-15T00:00:00",
"dateUpdated": "2024-08-03T00:52:58.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4432 (GCVE-0-2023-4432)
Vulnerability from cvelistv5
Published
2023-08-19 00:52
Modified
2024-10-02 15:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cockpit-hq | cockpit-hq/cockpit |
Version: unspecified < 2.6.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/69684663-6822-41ff-aa05-afbdb8f5268f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cockpit-hq/cockpit/commit/2a93d391fbd2dd9e730f65d43b29beb65903d195"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cockpit-hq:cockpit:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.6.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4432",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T15:32:30.746363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:35:59.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cockpit-hq/cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.6.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-19T00:52:51.899Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/69684663-6822-41ff-aa05-afbdb8f5268f"
},
{
"url": "https://github.com/cockpit-hq/cockpit/commit/2a93d391fbd2dd9e730f65d43b29beb65903d195"
}
],
"source": {
"advisory": "69684663-6822-41ff-aa05-afbdb8f5268f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4432",
"datePublished": "2023-08-19T00:52:51.899Z",
"dateReserved": "2023-08-19T00:52:40.264Z",
"dateUpdated": "2024-10-02T15:35:59.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}