CVE-2023-37650Cross-Site Request Forgery in Cockpit

CWE-352Cross-Site Request Forgery4 documents4 sources
Severity
8.8HIGHNVD
EPSS
1.3%
top 20.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cockpit-hq CockpitAgentejo Cockpit
Timeline
PublishedJul 20

Description

A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

Packagistcockpit-hq/cockpit< 2.6.0
NVDagentejo/cockpit2.5.2

🔴Vulnerability Details

3
OSV
Cockpit CMS Cross-Site Request Forgery vulnerability2023-07-20
CVEList
CVE-2023-37650: A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v22023-07-20
GHSA
Cockpit CMS Cross-Site Request Forgery vulnerability2023-07-20
CVE-2023-37650 — Cross-Site Request Forgery in Cockpit | cvebase