cvebase

Amir20 Dozzle vulnerabilities

4 known vulnerabilities affecting amir20/dozzle.

Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2

Vulnerabilities

CVE-2026-45298 | P2 | HIGH | CVSS 8.6 | PoC | fixed in 10.5.2 | 2026-05-26
CWE-918: Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that sends an HTTP POST to the supplied URL with attacker-
Source: nvd

CVE-2026-24740 | P3 | CRITICAL | CVSS 9.9 | fixed in 9.0.3 | 2026-01-27
CWE-284: Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in out-of-scope containers (for example, `env=prod`) on the same agent host by directly targeting their container
Source: nvd

CVE-2026-44985 | P3 | CRITICAL | CVSS 9.6 | fixed in 10.5.2 | 2026-05-26
CWE-346: Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, the WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables Cross-Site WebSocket Hijacking (CSWSH). An attacke
Source: nvd

CVE-2024-47182 | P3 | HIGH | CVSS 7.5 | fixed in 8.5.3 | 2024-09-27
CWE-328: Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3.
Source: nvd