Lucene search

GitHub Advisory DatabaseGHSA-RMGX-3W4R-XCFP

HistoryAug 19, 2023 - 3:32 a.m.

Cockpit Cross-site Scripting vulnerability

2023-08-1903:32:19

CWE-79

GitHub Advisory Database

github.com

cross-site scripting

github repository

patch available

version 2.6.4.

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit version 2.6.3 and prior. A patch is available at commit 2a93d391fbd2dd9e730f65d43b29beb65903d195 and anticipated to be part of version 2.6.4.

Affected configurations

Vulners

Node

cockpit-hqcockpitRange≤2.6.3

CPENameOperatorVersion
cockpit-hq/cockpitle2.6.3

CPE	Name	Operator	Version
	cockpit-hq/cockpit	le	2.6.3

References

github.com/advisories/GHSA-rmgx-3w4r-xcfp

github.com/cockpit-hq/cockpit/commit/2a93d391fbd2dd9e730f65d43b29beb65903d195

huntr.dev/bounties/69684663-6822-41ff-aa05-afbdb8f5268f

nvd.nist.gov/vuln/detail/CVE-2023-4432

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for GHSA-RMGX-3W4R-XCFP