Description
Cockpit Content Platform vulnerable to 2FA bypass
Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication (2FA) bypass. The 2FA secret is disclosed in a JWT token after a user logs in to their account, allowing an attacker to bypass the 2FA code. A patch is available on the develop branch and is expected to be part of version 2.2.2.
Packages
Name: cockpit-hq/cockpit (composer)
Affected versions: <= 2.2.1
Fix version: 2.2.2
Related vulnerabilities
CVSS3: 9.8
nvd
more than 3 years ago
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.