Cockpit-Hq Cockpit vulnerabilities

14 known vulnerabilities affecting cockpit-hq/cockpit-hq_cockpit.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL1HIGH4MEDIUM9

Vulnerabilities

Page 1 of 1

CVE-2023-4451MEDIUMCVSS 6.1PoC≥ unspecified, < 2.6.42023-08-20

CVE-2023-4451 [MEDIUM] CWE-79 CVE-2023-4451: Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.

cvelistv5nvd

CVE-2023-4432MEDIUMCVSS 6.1≥ unspecified, < 2.6.42023-08-19

CVE-2023-4432 [MEDIUM] CWE-79 CVE-2023-4432: Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.

cvelistv5nvd

CVE-2023-4433MEDIUMCVSS 5.4≥ unspecified, < 2.6.42023-08-19

CVE-2023-4433 [MEDIUM] CWE-79 CVE-2023-4433: Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4. Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.

cvelistv5nvd

CVE-2023-4422MEDIUMCVSS 4.8≥ unspecified, < 2.6.32023-08-18

CVE-2023-4422 [MEDIUM] CWE-79 CVE-2023-4422: Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.

cvelistv5nvd

CVE-2023-4395MEDIUMCVSS 5.4≥ unspecified, < 2.6.42023-08-17

CVE-2023-4395 [MEDIUM] CWE-79 CVE-2023-4395: Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4. Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.

cvelistv5nvd

CVE-2023-4321MEDIUMCVSS 6.1≥ unspecified, < 2.4.32023-08-14

CVE-2023-4321 [MEDIUM] CWE-79 CVE-2023-4321: Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3. Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3.

cvelistv5nvd

CVE-2023-4195HIGHCVSS 8.8≥ unspecified, < 2.6.32023-08-06

CVE-2023-4195 [HIGH] CWE-98 CVE-2023-4195: PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3.

cvelistv5nvd

CVE-2023-4196MEDIUMCVSS 5.4≥ unspecified, < 2.6.32023-08-06

CVE-2023-4196 [MEDIUM] CWE-79 CVE-2023-4196: Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.

cvelistv5nvd

CVE-2023-1313HIGHCVSS 8.8≥ unspecified, < 2.4.12023-03-10

CVE-2023-1313 [HIGH] CWE-434 CVE-2023-1313: Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4 Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1.

cvelistv5nvd

CVE-2023-1160MEDIUMCVSS 5.5≥ unspecified, < 2.4.02023-03-03

CVE-2023-1160 [MEDIUM] CWE-1103 CVE-2023-1160: Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2. Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0.

cvelistv5nvd

CVE-2023-0780MEDIUMCVSS 5.4≥ unspecified, < 2.3.9-dev2023-02-11

CVE-2023-0780 [MEDIUM] CWE-1021 CVE-2023-0780: Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior t Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev.

cvelistv5nvd

CVE-2023-0759HIGHCVSS 8.8≥ unspecified, < 2.3.82023-02-09

CVE-2023-0759 [HIGH] CWE-268 CVE-2023-0759: Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8. Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8.

cvelistv5nvd

CVE-2022-2818HIGHCVSS 8.8≥ unspecified, < 2.2.22022-08-15

CVE-2022-2818 [HIGH] CWE-212 CVE-2022-2818: Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.

cvelistv5nvd

CVE-2022-2713CRITICALCVSS 9.8≥ unspecified, < 2.2.02022-08-08

CVE-2022-2713 [CRITICAL] CWE-613 CVE-2022-2713: Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0. Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0.

cvelistv5nvd