ID CVE-2017-14611
Summary SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component.
References
Vulnerable Configurations
  • cpe:2.3:a:getcockpit:cockpit:0.13.0:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 17-05-2018 - 17:41)
Impact:
Exploitability:
CWE CWE-918
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
fulldisc 20180406 SSRF(Server Side Request Forgery) in Cockpit CMS 0.13.0 (CVE-2017-14611)
Last major update 17-05-2018 - 17:41
Published 10-04-2018 - 15:29