
6 matches found

CNNVD
added 2026/04/29 12:0 a.m. · 5 views

Cockpit Code Issue Vulnerability

Cockpit is an interactive server management interface developed by Cockpit OpenSource. Versions of Cockpit 2.13.5 and earlier had a code vulnerability caused by improper configuration of the isFileTypeAllowed function in the Bucket component. This vulnerability could lead to arbitrary file renami...

8.8 CVSS · 6 AI score · 0.00035 EPSS
Exploits 0 · References 1
Redos
added 2025/07/24 12:0 a.m. · 2 views

ROS-20250724-02

A vulnerability in the Cockpit server management system is related to the failure to clean data at the management level. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...

7.3 CVSS · 7.4 AI score · 0.00031 EPSS
Exploits 0
Microsoft CVE
added 2022/03/15 7:0 a.m. · 2 views

Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks.

...

4.3 CVSS · 5.2 AI score · 0.0027 EPSS
Exploits 0
Veracode
added 2021/10/03 5:42 a.m. · 23 views

Cross-site Scripting (XSS)

cockpit is vulnerable to cross-site scripting. It is possible to render a page from a cockpit server via another website, inside an HTML entry...

4.3 CVSS · 1.1 AI score · 0.0027 EPSS
Exploits 0 · References 6 · Affected Software 1
Positive Technologies
added 2021/07/20 12:0 a.m. · 2 views

PT-2021-3773 · Cockpit +5 · Cockpit +5

Name of the Vulnerable Software and Affected Versions: Cockpit affected versions not specified

Description: The issue is related to clickjacking attacks, where a malicious website can render a page from a Cockpit server inside an iframe HTML entry. This could be exploited by a malicious website t...

7.5 CVSS · 5.4 AI score · 0.0027 EPSS
Exploits 0 · References 43
Exploit DB
added 2021/01/08 12:0 a.m. · 496 views

Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)

Exploit Title: Cockpit Version 234 - Server-Side Request Forgery Unauthenticated
Date: 08.01.2021
Exploit Author: Metin Yunus Kandemir
Vendor Homepage: https://cockpit-project.org/
Version: v234
Tested on: Ubuntu 18.04

#!/usr/bin/python3
import argparse
import requests
import sys
import urllib3...

7.4 AI score
Exploits 0