GHSA-J2RX-4JG9-79MW Cockpit Vulnerable to Unrestricted Upload of File with Dangerous Type
Cockpit versions 2.13.5 and earlier are affected by a misconfiguration within the Bucket component isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This allows an authenticated attacker to rename arbitrary files with the .php file extension enabling...