cbcvebase.
CVE-2017-14611
published 2018-04-10

CVE-2017-14611: SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url…

PriorityP350critical9.1CVSS 3.0
AVNACLPRNUINSUCHIHAN
EPSS
1.97%
77.9th percentile
SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component.

Affected

2 ranges
VendorProductVersion rangeFixed in
agentejocockpit
getcockpitcockpit0.4.4 – 0.5.5

CVSS provenance

nvdv3.09.1CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:P/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.