Vulnerability CVE-2017-14611
Published: 2018-04-10

Description:
SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Cockpit CMS 0.13.0 Server Side Request Forgery
Jiawang Zhang
08.04.2018

Type:

CWE-918

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None
Affected software
Getcockpit -> Cockpit 

 References:
http://seclists.org/fulldisclosure/2018/Apr/15
Copyright 2024, cxsecurity.com

 

Back to Top