PHP Remote File Inclusion in cockpit-hq/cockpit
CVE-2023-4195

9.9 CRITICAL

Key Information:

Vendor: Cockpit-hq
CVE Published: 6 August 2023

What is CVE-2023-4195?

The Cockpit application prior to version 2.6.3 is vulnerable to PHP Remote File Inclusion (RFI) through manipulated file paths. By triggering this flaw, an attacker can cause files from a remote server to be included and executed by the vulnerable application, potentially leading to sensitive data exposure and further malicious actions. Organizations using this product should apply security patches promptly and review their system configurations.

Affected Version(s)

cockpit-hq/cockpit < 2.6.3

CVSS V3.1

Score: 9.9
Severity: CRITICAL
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
