Agentejo Cockpit vulnerabilities

CVE-2023-0780 [MEDIUM] CWE-1021 CVE-2023-0780: Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior t Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev.

CVE-2023-0759 [HIGH] CWE-268 CVE-2023-0759: Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8. Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8.

CVE-2022-2818 [HIGH] CWE-212 CVE-2022-2818: Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.

CVE-2022-2713 [CRITICAL] CWE-613 CVE-2022-2713: Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0. Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0.

CVE-2021-3698 [HIGH] CWE-295 CVE-2021-3698: A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daem A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the cert

CVE-2021-3660 [MEDIUM] CWE-1021 CVE-2021-3660: Cockpit (and its plugins) do not seem to protect itself against clickjacking Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks.

CVE-2020-35131 [CRITICAL] CWE-94 CVE-2020-35131: Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Executi Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI.

CVE-2020-35847 [CRITICAL] CWE-89 CVE-2020-35847: Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword func Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.

CVE-2020-35848 [CRITICAL] CWE-89 CVE-2020-35848: Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword functi Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.

CVE-2020-35846 [CRITICAL] CWE-89 CVE-2020-35846: Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.

CVE-2020-14408 [MEDIUM] CWE-79 CVE-2020-14408: An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack vector.

CVE-2019-3804 [HIGH] CVE-2019-3804: It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.

CVE-2017-14611 [CRITICAL] CWE-918 CVE-2017-14611: SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component.