3 matches found
CVE-2020-10792
openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header...
CVE-2020-10792
openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header...
CVE-2020-10792
OpenITCOCKPIT versions up to 3.7.2 are affected: an attacker can cause DEVELOPMENT or STAGING to be selected by sending a hostname in the HTTP Host header containing dev or staging. Root cause is improper handling of Host header input. Impact is configuration of environment options. For remediati...