EPSS
Percentile
38.0%
cockpit-hq is vulnerable to Privilege Escalation. The vulnerability exists in the save function of Users.php, allowing an attacker to escalate a user role by intercepting the request and modifying the POST data.
save
Users.php
github.com/advisories/GHSA-86rf-38v8-9c4x
github.com/cockpit-hq/cockpit/commit/78d6ed3bf093ee11356ba66320c628c727068714
huntr.dev/bounties/49e2cccc-bb56-4633-ba6a-b3803e251347
huntr.dev/bounties/49e2cccc-bb56-4633-ba6a-b3803e251347/