CVE-2022-2713
Published 2022-08-08
CVE-2022-2713: Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0.
Priority: P333, critical, 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.96% (57.0th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| agentejo | cockpit | < 2.2.0 | 2.2.0 |
| aheinze | cockpit | >= 0 < 2.2.0 | 2.2.0 |
| cockpit-hq | cockpit-hq_cockpit | >= unspecified < 2.2.0 | 2.2.0 |
CVSS provenance
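| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 8.6 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L |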
OSV
Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration
osv · 2022-08-09
CVE-2022-2713 [CRITICAL] Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration
Cockpit before version 2.2.0 is vulnerable to Insufficient Session Expiration. The application does not validate requests after password changes, allowing a user to change their account details even after an admin changes their password.
GHSA
Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration
ghsa · 2022-08-09
CVE-2022-2713 [CRITICAL] CWE-613 Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration
Cockpit before version 2.2.0 is vulnerable to Insufficient Session Expiration. The application does not validate requests after password changes, allowing a user to change their account details even after an admin changes their password.