Sever Side Request Forgery (SSRF)
aheinze/cockpit is vulnerable to server side request forgery SSRF attacks. The attack is possible because it through the window.fetchurlcontents function, allowing a malicious user to read arbitrary files, scan network ports, carry out information detection and internal network server attacks...