
CVE-2018-9302

Published: 02/05/2018 Updated: 07/06/2018
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 645
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 up to and including 0.5.5 allows remote malicious users to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which was about version 0.13.0, which (surprisingly) is an earlier version than 0.4.4.

Vulnerable Product

getcockpit cockpit

Exploits

# SSRF (Server Side Request Forgery) in Cockpit 0.4.4-0.5.5 (CVE-2018-9302)
Cockpit CMS repairs CVE-2017-14611, but it can be bypassed; SSRF still exists, affecting Cockpit CMS versions 0.4.4-0.5.5. I have successfully tested this on the latest version of "Cockpit CMS".
## Product Download: Cockpit (getcockpit.com)
## Vulnerability Type: SSRF ...

Cockpit CMS versions 0.4.4 through 0.5.5 suffer from a server-side request forgery vulnerability ...