A server-side request forgery issue was discovered in cockpit-project.org Cockpit 234. It allows a user to send requests to internal hosts for detecting open ports, allowing the firewall configuration to be bypassed or the server to be used as a gateway by a malicious user. NOTE: the vendor states "I don't think [it] is a big real-life issue."
A server-side request forgery issue was discovered in cockpit-project.org Cockpit 234. It allows a user to send requests to internal hosts for detecting open ports, allowing the firewall configuration to be bypassed or the server to be used as a gateway by a malicious user. NOTE: the vendor states "I don't think [it] is a big real-life issue."
https://github.com/passtheticket/vulnerability-research/blob/main/cockpitProject/README.md https://github.com/cockpit-project/cockpit/issues/15077
The validity of this issue is disputed.