Skip to main content

Cockpit CVE-2022-2818

HIGH
Improper Removal of Sensitive Information Before Storage or Transfer (CWE-212)
2022-08-15 security@huntr.dev
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 15, 2022 - 11:21 nvd
HIGH 8.8

DescriptionNVD

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.

AnalysisAI

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-212. Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2. Affected products include: Agentejo Cockpit. Version information: prior to 2.2.2..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-35847 CRITICAL POC
9.8 Dec 30

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. Rated critical

CVE-2020-35846 CRITICAL POC
9.8 Dec 30

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. Rated critical severit

CVE-2022-2713 CRITICAL POC
9.8 Aug 08

Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0. Rated critical severity (CVSS 9.

CVE-2020-35848 CRITICAL POC
9.8 Dec 30

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function. Rated critical s

CVE-2018-15540 CRITICAL POC
9.8 Oct 15

Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse t

CVE-2018-9302 CRITICAL POC
9.1 May 02

SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to r

CVE-2023-4195 HIGH POC
8.8 Aug 06

PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. Rated high severity (CVSS 8.8), this v

CVE-2023-37650 HIGH POC
8.8 Jul 20

A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Admi

CVE-2023-1313 HIGH POC
8.8 Mar 10

Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1. Rated high sever

CVE-2023-0759 HIGH POC
8.8 Feb 09

Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8. Rated high severity (CVSS 8.8), this vulnerab

CVE-2026-58467 HIGH POC
8.2 Jul 02

Arbitrary file disclosure and PHP local file inclusion in Cockpit CMS before release 364 lets unauthenticated remote att

CVE-2023-37649 HIGH POC
7.5 Jul 20

Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access

Share

CVE-2022-2818 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy