Lucene search

GitHub Advisory DatabaseGHSA-8WJ3-CPMR-8WHP

HistoryAug 16, 2022 - 12:00 a.m.

Cockpit Content Platform vulnerable to 2FA bypass

2022-08-1600:00:30

CWE-212

CWE-287

CWE-305

GitHub Advisory Database

github.com

cockpit content platform

2fa bypass

jwt token

develop branch

version 2.2.2

security vulnerability

patch

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

41.1%

JSON

Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication (2FA) bypass. The 2FA secret is disclosed in a JWT token after user logs into their account, allowing an attacker to bypass the 2FA code. A patch is available on the develop branch and is expected to be part of version 2.2.2.

Affected configurations

Vulners

Node

cockpit-hqcockpitRange≤2.2.1

VendorProductVersionCPE
cockpit-hqcockpit*cpe:2.3:a:cockpit-hq:cockpit:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cockpit-hq	cockpit	*	cpe:2.3:a:cockpit-hq:cockpit::::::::

References

github.com/advisories/GHSA-8wj3-cpmr-8whp

github.com/cockpit-hq/cockpit/commit/4bee1b903ee20818f4a8ecb9d974b9536cc54cb4

huntr.dev/bounties/ee27e5df-516b-4cf4-9f28-346d907b5491

nvd.nist.gov/vuln/detail/CVE-2022-2818

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

41.1%

JSON

Related for GHSA-8WJ3-CPMR-8WHP