Unrestricted File Upload

2024-05-1606:19:08

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

unrestricted file upload

vulnerability

improper file upload checks

media api

compromise

system integrity

unauthorized access

data manipulation

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

cockpit-hq/cockpit is vulnerable to Unrestricted File Upload. The vulnerability is due to an improper file upload checks within the /media/api POST endpoint which can be exploited to compromise the system’s integrity, allowing unauthorized access or data manipulation.