Cockpit Security Vulnerabilities

CVE-2024-1272

Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before...

CVE-2024-2637

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R.....

CVE-2024-4825

A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire...

CVE-2024-2001

A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is...

CVE-2023-41564

An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml...

CVE-2023-4451

Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to...

CVE-2023-4433

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to...

CVE-2023-4432

Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to...

CVE-2023-4422

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to...

CVE-2023-4395

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to...

CVE-2023-4321

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to...

CVE-2023-4196

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to...

CVE-2023-4195

PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to...

CVE-2023-37649

Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive...

CVE-2023-37650

A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator...

CVE-2023-37272

JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed with the browser. Risk of the vulnerability is considered high for branch...

CVE-2023-1313

Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to...

CVE-2023-1160

Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to...

CVE-2021-32857

Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in htmleditor.js may lead to cross-site scripting (XSS) issues. There are no known patches for this...

CVE-2023-0780

Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to...

CVE-2023-0759

Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to...

CVE-2022-2818

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to...

CVE-2022-2713

Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to...

CVE-2021-3698

A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or...

CVE-2021-3660

Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar...

CVE-2020-35131

Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset...

CVE-2020-35850

An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't think [it] is a big real-life...

CVE-2020-35847

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword...

CVE-2020-35848

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword...

CVE-2020-35846

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check...

CVE-2020-14408

An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack...

CVE-2020-6252

Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact...

CVE-2019-5159

An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of...

CVE-2019-5158

An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version....

CVE-2019-5107

A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords,...

CVE-2019-5106

A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain...

CVE-2019-10139

During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file /var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are...

CVE-2019-3804

It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to...

CVE-2018-15538

Agentejo Cockpit has multiple Cross-Site Scripting...

CVE-2018-15539

Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords,...

CVE-2018-15540

Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory...

CVE-2018-11471

Cockpit 0.5.5 has XSS via a collection, form, or...

CVE-2018-9302

SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which was about.....

CVE-2017-14611

SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents...

CVE-2014-1861

The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE...