Cockpit
CVE-2022-2818
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.
AnalysisAI
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-212. Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2. Affected products include: Agentejo Cockpit. Version information: prior to 2.2.2..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. Rated critical
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. Rated critical severit
Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0. Rated critical severity (CVSS 9.
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function. Rated critical s
Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse t
SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to r
PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. Rated high severity (CVSS 8.8), this v
A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Admi
Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1. Rated high sever
Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8. Rated high severity (CVSS 8.8), this vulnerab
Arbitrary file disclosure and PHP local file inclusion in Cockpit CMS before release 364 lets unauthenticated remote att
Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today