aheinze/cockpit is vulnerable to server side request forgery (SSRF) attacks. The attack is possible because it through the window.fetch_url_contents
function, allowing a malicious user to read arbitrary files, scan network ports, carry out information detection and internal network server attacks.
CPE | Name | Operator | Version |
---|---|---|---|
aheinze/cockpit | le | 0.13.0 |