Lucene search
K

135 matches found

OSV
OSV
added 2020/03/25 2:15 p.m.15 views

CVE-2020-10791

app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests aka SSRF via the Test Connection feature aka testGrafanaConnection of the Grafana Module...

6.5CVSS6.5AI score
Exploits0References2
Prion
Prion
added 2020/03/25 2:15 p.m.19 views

Design/Logic Flaw

openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php...

10CVSS9.7AI score0.01947EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/03/25 2:15 p.m.13 views

Default credentials

openITCOCKPIT before 3.7.3 has unnecessary files such as Lodash files under the web root, which leads to XSS...

3.5CVSS5.5AI score0.00906EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2020/03/25 2:15 p.m.12 views

Design/Logic Flaw

app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests aka SSRF via the Test Connection feature aka testGrafanaConnection of the Grafana Module...

4CVSS6.2AI score0.01151EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/03/25 2:4 p.m.58 views

CVE-2020-10788

CVE-2020-10788 affects openITCOCKPIT version prior to 3.7.3, where WebSocket connections use a fixed API key (1fea123e07f730f76e661bced33a94152378611e) instead of generating random keys. Root cause is the use of a static API key for WebSocket authentication, enabling potential unauthorized access...

9.1CVSS9.2AI score0.0156EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/03/25 2:4 p.m.21 views

CVE-2020-10788

openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections...

9.3AI score0.0156EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/03/25 2:0 p.m.23 views

CVE-2020-10789

openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php...

9.9AI score0.01947EPSS
Exploits0References2
CVE
CVE
added 2020/03/25 2:0 p.m.51 views

CVE-2020-10789

OpenITCOCKPIT prior to version 3.7.3 exposes a web-based terminal that can execute arbitrary OS commands due to mishandling of shell metacharacters in the su path (app/Lib/SudoMessageInterface.php). Affected product/component: OpenITCOCKPIT web UI; root cause: improper handling of shell metachara...

10CVSS9.8AI score0.01947EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/03/25 1:59 p.m.12 views

CVE-2020-10790

openITCOCKPIT before 3.7.3 has unnecessary files such as Lodash files under the web root, which leads to XSS...

5.5AI score0.00906EPSS
Exploits0References3
CVE
CVE
added 2020/03/25 1:59 p.m.43 views

CVE-2020-10790

CVE-2020-10790 affects openITCOCKPIT

5.4CVSS5.5AI score0.00906EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/03/25 1:58 p.m.18 views

CVE-2020-10791

app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests aka SSRF via the Test Connection feature aka testGrafanaConnection of the Grafana Module...

6.2AI score0.01151EPSS
Exploits0References2
CVE
CVE
added 2020/03/25 1:58 p.m.46 views

CVE-2020-10791

OpenITCOCKPIT contains an SSRF vulnerability in GrafanaModule’s GrafanaConfigurationController.php. Affected versions are before 3.7.3; remote authenticated users can trigger outbound TCP requests via the Test Connection (testGrafanaConnection) feature. Evidence: CVE-2020-10791 and Red Hat/CNVD/O...

6.5CVSS6.1AI score0.01151EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2020/03/23 12:0 a.m.3 views

Unspecified vulnerability in openITCOCKPIT

openITCOCKPIT is a set of open source system monitoring tools . openITCOCKPIT 3.7.2 and earlier versions of a security vulnerability , an attacker can be exploited by placing in the HTTP Host header with 'dev' or 'staging' host name configuration self::DEVELOPMENT or self::STAGING option...

7.5CVSS6.8AI score0.01895EPSS
Exploits0References1
NVD
NVD
added 2020/03/20 6:15 p.m.16 views

CVE-2020-10792

openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header...

7.5CVSS7.5AI score0.01895EPSS
Exploits0References2
OSV
OSV
added 2020/03/20 6:15 p.m.15 views

CVE-2020-10792

openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header...

7.5CVSS6.9AI score
Exploits0References2
Prion
Prion
added 2020/03/20 6:15 p.m.11 views

Design/Logic Flaw

openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header...

5CVSS7.5AI score0.01895EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/03/20 5:48 p.m.18 views

CVE-2020-10792

openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header...

7.5AI score0.01895EPSS
Exploits0References2
CVE
CVE
added 2020/03/20 5:48 p.m.99 views

CVE-2020-10792

OpenITCOCKPIT versions up to 3.7.2 are affected: an attacker can cause DEVELOPMENT or STAGING to be selected by sending a hostname in the HTTP Host header containing dev or staging. Root cause is improper handling of Host header input. Impact is configuration of environment options. For remediati...

7.5CVSS7.5AI score0.01895EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/12/31 6:15 p.m.20 views

CVE-2019-10227

openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component...

6.1CVSS6AI score0.01229EPSS
Exploits2References2
OSV
OSV
added 2019/12/31 6:15 p.m.12 views

CVE-2019-10227

openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component...

6.1CVSS6AI score
Exploits0References2
Rows per page
Query Builder