CVE-2023-4451
Published 2023-08-20
CVE-2023-4451: Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
Priority: P3 · 38 · medium · 6.1 (CVSS 3.1)
Exploit: EPSS 2.27% (80.9th percentile)
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| agentejo | cockpit | <= 2.6.3 | — |
| cockpit-hq | cockpit | 0 – 2.6.3 | — |
| cockpit-hq | cockpit-hq_cockpit | < 2.6.4 (lower bound unspecified) | 2.6.4 |
Detection & IOCs (extracted from sources)
- HTTP GET request to /install/index.php with a `space` parameter containing an unsanitized HTML/JS payload (e.g., <img src=1 onerror=...>) triggers reflected XSS; the response body contains the string 'Space :: does not exist', the Content-Type header is text/html, and the status is HTTP 200.
- Response body match: look for the literal string 'Space :: does not exist' to confirm the vulnerable code path was reached.
- Shodan fingerprinting queries for exposed Cockpit instances: html:"Cockpit", http.favicon.hash:688609340, http.html:"cockpit".
- FOFA fingerprinting queries for exposed Cockpit instances: icon_hash=688609340, body="cockpit".
- The vulnerability affects cockpit-hq/cockpit versions prior to 2.6.4 only; the install interface (/install/index.php) must be publicly accessible for exploitation.
- The attack is unauthenticated and targets the installation interface; if the install path is removed or restricted post-installation, the attack surface is eliminated.
CVSS provenance
- NVD, CVSS v3.1: 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- NVD, CVSS v3.0: 6.1 MEDIUM, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
OSV (2023-08-20): CVE-2023-4451 [MEDIUM] Cockpit Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit version 2.6.3 and prior. A patch is available at commit 30609466c817e39f9de1871559603e93cd4d0d0c and anticipated to be part of version 2.6.4.
GHSA (2023-08-20): CVE-2023-4451 [MEDIUM] CWE-79 Cockpit Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit version 2.6.3 and prior. A patch is available at commit 30609466c817e39f9de1871559603e93cd4d0d0c and anticipated to be part of version 2.6.4.
No detection rules found.
Nuclei (CVSS 6.1): CVE-2023-4451 [MEDIUM] Cockpit - Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
Template (as indexed; truncated after the reference list):

```yaml
id: CVE-2023-4451

info:
  name: Cockpit - Cross-Site Scripting
  author: iamnoooob,pdresearch
  severity: medium
  description: |
    Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
  impact: |
    Unauthenticated attackers can inject malicious JavaScript through the space parameter in the installation interface to steal administrator credentials during Cockpit CMS setup.
  remediation: |
    Update Cockpit to version 2.6.4 or later that properly sanitizes and encodes the space parameter in the install/index.php interface.
  reference:
    - https://huntr.dev/bounties/4e111c3e-6cf3-4b4c-b3c1-a540bf30f8fa/
    - https://github.com/Cockpit-H
```
No writeups or analysis indexed.
References
- https://github.com/cockpit-hq/cockpit/commit/30609466c817e39f9de1871559603e93cd4d0d0c
- https://huntr.dev/bounties/4e111c3e-6cf3-4b4c-b3c1-a540bf30f8fa
- https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2023-4451.md

Published: 2023-08-20