Vulnerabilities > CVE-2020-35850 - Server-Side Request Forgery (SSRF) vulnerability in Cockpit-Project Cockpit 234

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

cockpit-project

CWE-918

NVD

Published: 2020-12-30

Updated: 2024-08-04

Summary

An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't think [it] is a big real-life issue.

Vulnerable Configurations

Part	Description	Count
Application	Cockpit-Project Cockpit Project Cockpit 234	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://github.com/passtheticket/vulnerability-research/blob/main/cockpitProject/README.md
https://github.com/cockpit-project/cockpit/issues/15077