Description
SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component.
References
- Exploit, Mailing List, Third Party Advisory
- Exploit, Mailing List, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:agentejo:cockpit:0.13.0:*:*:*:*:*:*:*
EPSS: 0.00297 (percentile: 53%, Low)
CVSS3: 9.1 Critical
CVSS2: 6.4 Medium
Weaknesses
CWE-918
Related vulnerabilities
CVSS3: 9.1
github
more than 3 years ago
SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component.