CVE-2022-2818Improper Removal of Sensitive Information Before Storage or Transfer in Cockpit

CWE-212Improper Removal of Sensitive Information Before Storage or TransferCWE-287Improper AuthenticationCWE-305Authentication Bypass by Primary Weakness4 documents4 sources
Severity
8.8HIGHNVD
CNA9.8
EPSS
1.5%
top 18.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cockpit-hq CockpitAgentejo CockpitCockpit-hq Cockpit
Timeline
PublishedAug 15
Latest updateAug 16

Description

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDagentejo/cockpit< 2.2.2
Packagistcockpit-hq/cockpit< 2.2.2
CVEListV5cockpit-hq/cockpit-hq_cockpitunspecified2.2.2

Patches

Patch: github.comPatch: huntr.devPatch: github.com

🔴Vulnerability Details

3
GHSA
Cockpit Content Platform vulnerable to 2FA bypass2022-08-16
OSV
Cockpit Content Platform vulnerable to 2FA bypass2022-08-16
CVEList
Improper Removal of Sensitive Information Before Storage or Transfer in cockpit-hq/cockpit2022-08-15
CVE-2022-2818 — Cockpit-hq Cockpit vulnerability | cvebase