Server-Side Request Forgery in Cockpit by Cockpit Project
CVE-2020-35850

6.5MEDIUM

Key Information:

Vendor: Cockpit-project
Status: Cockpit
Vendor: CVE Published:; 30 December 2020

🔔 Create Cockpit-project Vulnerability Alert

What is CVE-2020-35850?

A Server-Side Request Forgery (SSRF) vulnerability was identified in Cockpit version 234. This issue allows an attacker to send crafted requests from the server side to internal resources, potentially exposing sensitive data or services. Although the vendor downplays its real-world impact, it is critical for users to remain aware of the risks associated with SSRF vulnerabilities and implement necessary security measures to mitigate potential threats.

References

https://github.com/passtheticket/vulnerability-research/b...

x_refsource_MISC

https://github.com/cockpit-project/cockpit/issues/15077

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 30, 2020
Vulnerability Reserved
Dec 30, 2020

CVE-2020-35850 Data

JSON