RSS   Podatności dla 'Openitcockpit'   RSS

2020-03-25
 
CVE-2020-10791

CWE-918
 

 
app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module.

 
 
CVE-2020-10790

CWE-79
 

 
openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.

 
 
CVE-2020-10789

CWE-78
 

 
openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.

 
 
CVE-2020-10788

CWE-327
 

 
openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections.

 
2020-03-20
 
CVE-2020-10792

CWE-276
 

 
openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header.

 
2019-12-31
 
CVE-2019-10227

CWE-79
 

 
openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component.

 


Copyright 2024, cxsecurity.com

 

Back to Top