CVE-2020-35850Server-Side Request Forgery in Cockpit

CWE-918Server-Side Request Forgery4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 36.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cockpit-project Cockpit
Timeline
PublishedDec 30
Latest updateMay 24

Description

An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't think [it] is a big real-life issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-3mxq-x62m-9mvp: ** DISPUTED ** An SSRF issue was discovered in cockpit-project2022-05-24
CVEList
CVE-2020-35850: An SSRF issue was discovered in cockpit-project2020-12-30
OSV
CVE-2020-35850: ** DISPUTED ** An SSRF issue was discovered in cockpit-project2020-12-30
CVE-2020-35850 — Server-Side Request Forgery in Cockpit | cvebase