2 matches found
Cockpit Web Console < 360 - Remote Code Execution
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...
PT-2025-4135 · Cockpit Hq · Cockpit
Name of the Vulnerable Software and Affected Versions: cockpit-hq/cockpit versions prior to 2.4.1
Description: The issue allows for Arbitrary File Upload, where an attacker can bypass the upload filter by using different extensions.
Recommendations: For cockpit-hq/cockpit versions prior to 2.4.1,...