Cross-Site Request Forgery in Cockpit CMS Admin Portal
CVE-2023-37650

8.8 HIGH

Key Information:

Vendor: Agentejo

Status
Vendor
CVE Published: 20 July 2023

What is CVE-2023-37650?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Admin portal of Cockpit CMS version 2.5.2. Attackers can exploit this flaw to execute arbitrary commands with Administrator privileges, potentially gaining unauthorized access to and control over the CMS. To mitigate this risk, users are encouraged to upgrade to the latest version of Cockpit CMS, where the vulnerability has been addressed.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
