Privilege Chaining in cockpit-hq/cockpit
CVE-2023-0759

8.8HIGH

Key Information:

Vendor: Cockpit-hq
Status: Cockpit-hq/cockpit
Vendor: CVE Published:; 9 February 2023

What is CVE-2023-0759?

A privilege chaining issue has been identified in Cockpit prior to version 2.3.8. This vulnerability can allow attackers to escalate privileges within the system by chaining together multiple privilege escalation techniques. It is crucial for users of Cockpit to update to the latest version to mitigate the risks associated with this security flaw. Detailed insights and technical specifics can be found in the related commits and reports.

Affected Version(s)

cockpit-hq/cockpit < 2.3.8

References

https://huntr.dev/bounties/49e2cccc-bb56-4633-ba6a-b3803e...

https://github.com/cockpit-hq/cockpit/commit/78d6ed3bf093...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 9, 2023
Vulnerability Reserved
Feb 9, 2023

CVE-2023-0759 Data

JSON

Cockpit-hq

What is CVE-2023-0759?

Affected Version(s)

References

CVSS V3.1

CVSS V3.0

Timeline