CVE-2017-14611Server-Side Request Forgery in Cockpit

CWE-918Server-Side Request Forgery3 documents3 sources
Severity
9.1CRITICALNVD
EPSS
0.3%
top 46.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Agentejo Cockpit
Timeline
PublishedApr 10
Latest updateMay 14

Description

SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages1 packages

NVDagentejo/cockpit0.13.0

🔴Vulnerability Details

2
GHSA
GHSA-m6p8-7fj8-96hr: SSRF (Server Side Request Forgery) in Cockpit 02022-05-14
CVEList
CVE-2017-14611: SSRF (Server Side Request Forgery) in Cockpit 02018-04-10
CVE-2017-14611 — Server-Side Request Forgery in Cockpit | cvebase