Skip to main content

Cockpit CVE-2023-1160

MEDIUM
Use of Platform-Dependent Third Party Components (CWE-1103)
2023-03-03 security@huntr.dev
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 03, 2023 - 02:15 nvd
MEDIUM 5.5

DescriptionNVD

Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0.

AnalysisAI

Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-1103. Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0. Affected products include: Agentejo Cockpit. Version information: prior to 2.4.0..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-35847 CRITICAL POC
9.8 Dec 30

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. Rated critical

CVE-2020-35846 CRITICAL POC
9.8 Dec 30

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. Rated critical severit

CVE-2022-2713 CRITICAL POC
9.8 Aug 08

Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0. Rated critical severity (CVSS 9.

CVE-2020-35848 CRITICAL POC
9.8 Dec 30

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function. Rated critical s

CVE-2018-15540 CRITICAL POC
9.8 Oct 15

Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse t

CVE-2018-9302 CRITICAL POC
9.1 May 02

SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to r

CVE-2023-4195 HIGH POC
8.8 Aug 06

PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. Rated high severity (CVSS 8.8), this v

CVE-2023-37650 HIGH POC
8.8 Jul 20

A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Admi

CVE-2023-1313 HIGH POC
8.8 Mar 10

Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1. Rated high sever

CVE-2023-0759 HIGH POC
8.8 Feb 09

Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8. Rated high severity (CVSS 8.8), this vulnerab

CVE-2022-2818 HIGH POC
8.8 Aug 15

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.

CVE-2026-58467 HIGH POC
8.2 Jul 02

Arbitrary file disclosure and PHP local file inclusion in Cockpit CMS before release 364 lets unauthenticated remote att

Share

CVE-2023-1160 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy