Getcockpit Cockpit vulnerabilities
2 known vulnerabilities affecting getcockpit/cockpit.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 1
Vulnerabilities
CVE-2018-9302 | P2 | CRITICAL | CVSS 9.1 | PoC | ≥ 0.4.4, ≤ 0.5.5 | 2018-05-02
SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which was about version 0.13.0, which (surprisingly) is an earlier version th
Source: NVD
CVE-2018-11471 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v0.5.5 | 2018-05-25
Cockpit 0.5.5 has XSS via a collection, form, or region.
Source: NVD