Openitcockpit Security Vulnerabilities and Issues — Openitcockpit CVE List

Lucene search

It-novumOpenitcockpit

5 matches found

CVE•added 2020/03/20 6:15 p.m.•82 views

CVE-2020-10792

openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header.

7.5CVSS7.5AI score0.00464EPSS

CVE•added 2020/03/25 3:15 p.m.•39 views

CVE-2020-10788

openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections.

9.1CVSS9.2AI score0.00257EPSS

CVE•added 2020/03/25 2:15 p.m.•38 views

CVE-2020-10789

openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.

10CVSS9.8AI score0.00593EPSS

CVE•added 2020/03/25 2:15 p.m.•33 views

CVE-2020-10791

app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module.

6.5CVSS6.1AI score0.00139EPSS

CVE•added 2020/03/25 2:15 p.m.•32 views

CVE-2020-10790

openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.

5.4CVSS5.5AI score0.00379EPSS