CVE-2019-15494
Published 2019-08-23
CVE-2019-15494: openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21.
Priority P343 · critical · 9.8 · CVSS 3.0
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.51% (71.3th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| it-novum | openitcockpit | < 3.7.1 | 3.7.1 |
| linuxfoundation | dojo | >= 0 < 1.15.4+dfsg1-1ubuntu0.1 | 1.15.4+dfsg1-1ubuntu0.1 |
| linuxfoundation | dojo | >= 0 < 1.10.4+dfsg-2ubuntu0.1~esm1 | 1.10.4+dfsg-2ubuntu0.1~esm1 |
| linuxfoundation | dojo | >= 0 < 1.15.0+dfsg1-1ubuntu0.1~esm1 | 1.15.0+dfsg1-1ubuntu0.1~esm1 |
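CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |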
OSV
dojo vulnerabilities
osv·2025-06-16·CVSS 9.8
CVE-2018-15494 dojo vulnerabilities
It was discovered that Dojo did not correctly handle DataGrids. An
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2018-15494)
It was discovered that Dojo was vulnerable to prototype pollution. An
attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-23450)
Jonathan Leitschuh discovered that Dojo did not correctly sanitize
certain inputs. An attacker could possibly use this issue to execute a
cross-site scripting (XSS) attack. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2019-10785, CVE-2020-4051)
GHSA
GHSA-59x4-pqcp-87m4: openITCOCKPIT before 3
ghsa_unreviewed·2022-05-24
CVE-2019-15494 [CRITICAL] CWE-918 GHSA-59x4-pqcp-87m4: openITCOCKPIT before 3
openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-08-23