10 matches found
Cockpit Code Issue Vulnerability
Cockpit is an interactive server management interface developed by Cockpit OpenSource. Versions of Cockpit 2.13.5 and earlier had a code vulnerability caused by improper configuration of the isFileTypeAllowed function in the Bucket component. This vulnerability could lead to arbitrary file renami...
ROS-20250724-02
A vulnerability in the Cockpit server management system is related to the failure to clean data at the management level. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...
The vulnerability of the Cockpit server management system, related to the failure to take measures for data cleaning at the management level, allows a perpetrator to execute arbitrary commands.
The vulnerability of the Cockpit server management system is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...
The vulnerability of the Cockpit server management system arises from the lack of measures taken to protect the website structure. This allows attackers to carry out XSS attacks.
The vulnerability of the Cockpit server management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
Cockpit (and its plugins) does not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks.
...
Cross-site Scripting (XSS)
cockpit is vulnerable to cross-site scripting. It is possible to render a page from a cockpit server via another website, inside an HTML entry...
The vulnerability of the manager for Cockpit servers, related to errors in displaying the user interface or frames, allows a perpetrator to inject malicious code.
The vulnerability of the Cockpit server administrator relates to errors in displaying the user interface or frames. Exploiting this vulnerability allows a malicious actor to inject malicious code remotely...
PT-2021-3773 · Cockpit +5
Name of the Vulnerable Software and Affected Versions: Cockpit affected versions not specified Description: The issue is related to clickjacking attacks, where a malicious website can render a page from a Cockpit server inside an iframe HTML entry. This could be exploited by a malicious website t...
Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)
Exploit Title: Cockpit Version 234 - Server-Side Request Forgery Unauthenticated Date: 08.01.2021 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://cockpit-project.org/ Version: v234 Tested on: Ubuntu 18.04 !/usr/bin/python3 import argparse import requests import sys import urllib3...
The vulnerability of the Cockpit server manager, caused by an operation going beyond buffer boundaries in memory, allows an attacker to trigger a service failure.
The vulnerability of the Cockpit server administrator arises from an operation that occurs outside the buffer boundaries of memory. Exploiting this vulnerability allows a malicious actor, operating remotely, to cause a service failure by sending a specially crafted request along with a specially...