Cockpit-Hq Cockpit vulnerabilities
25 known vulnerabilities affecting cockpit-hq/cockpit.
Total CVEs
25
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH12MEDIUM10
Vulnerabilities
Page 2 of 2
CVE-2023-4433P4HIGH≥ 0, ≤ 2.6.32023-08-19
CVE-2023-4433 [HIGH] CWE-79 Cockpit Cross-site Scripting vulnerability
Cockpit Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit version 2.6.3 and prior. A patch is available at commit 36d1d4d256cbbab028342ba10cc493e5c119172c and anticipated to be part of version 2.6.4.
ghsaosv
CVE-2023-4196P4HIGH≥ 0, < 2.6.32023-08-06
CVE-2023-4196 [HIGH] CWE-79 Cockpit Cross-site Scripting vulnerability
Cockpit Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. For any role that has permission to execute function assets, an attacker can upload a html file and that leads to XSS.
ghsaosv
CVE-2023-0780P4MEDIUM≥ 0, < 2.3.92023-02-11
CVE-2023-0780 [MEDIUM] CWE-1021 Improper Restriction of Rendered UI Layers or Frames in cockpit-hq/cockpit
Improper Restriction of Rendered UI Layers or Frames in cockpit-hq/cockpit
Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9.
ghsaosv
CVE-2023-1160P4MEDIUM≥ 0, ≤ 2.3.92023-03-03
CVE-2023-1160 [MEDIUM] CWE-1103 Cockpit Uses Platform-Dependent Third Party Components
Cockpit Uses Platform-Dependent Third Party Components
Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit 2.3.9 and prior. A patch is available and anticipated to be part of version 2.4.0.
ghsaosv
CVE-2023-4422P4MEDIUM≥ 0, < 2.6.32023-08-18
CVE-2023-4422 [MEDIUM] CWE-79 Cockpit Cross-site Scripting vulnerability
Cockpit Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
ghsaosv
← Previous2 / 2