Security Advisories - cockpit-hq/cockpit

cockpit-hq/cockpit Security Advisories for 2.3.7 (16)

[CRITICAL] Cockpit CMS contains an arbitrary file upload vulenrability

PKSA-1g11-thhn-qmqq CVE-2024-4825 GHSA-vpj8-xfqc-jcv9

Affected version: <2.7.0

Reported by:
GitHub
[MEDIUM] Cockpit CMS arbitrary file upload vulnerability

PKSA-dkf9-ctj9-6715 CVE-2023-41564 GHSA-38vf-35cg-m73w

Affected version: <=2.6.3

Reported by:
GitHub
[MEDIUM] Cockpit Cross-site Scripting vulnerability

PKSA-t4f4-3p1b-pwvn CVE-2023-4451 GHSA-g3mv-64h3-h482

Affected version: <=2.6.3

Reported by:
GitHub
[HIGH] Cockpit Cross-site Scripting vulnerability

PKSA-j62f-f87n-nv4p CVE-2023-4433 GHSA-ff45-2jp9-69jc

Affected version: <=2.6.3

Reported by:
GitHub
[HIGH] Cockpit Cross-site Scripting vulnerability

PKSA-xrwz-4p22-v3sh CVE-2023-4432 GHSA-rmgx-3w4r-xcfp

Affected version: <=2.6.3

Reported by:
GitHub
[MEDIUM] Cockpit Cross-site Scripting vulnerability

PKSA-vwbc-y3t3-84k8 CVE-2023-4422 GHSA-8m65-qq6g-43rr

Affected version: <2.6.3

Reported by:
GitHub
[HIGH] Cockpit Cross-site Scripting vulnerability

PKSA-55bx-95g3-bdpb CVE-2023-4395 GHSA-5cv4-48h7-7782

Affected version: <=2.6.3

Reported by:
GitHub
[HIGH] Cockpit Cross-site Scripting vulnerability

PKSA-znb8-w45f-64b5 CVE-2023-4321 GHSA-3vf5-xm2p-6mh5

Affected version: <=2.6.2

Reported by:
GitHub
[HIGH] Cockpit Cross-site Scripting vulnerability

PKSA-ys3f-9xrr-xrsz CVE-2023-4196 GHSA-w3qm-93vf-5hrw

Affected version: <2.6.3

Reported by:
GitHub
[CRITICAL] Cockpit PHP Remote File Inclusion vulnerability

PKSA-ywbw-pgpj-12g6 CVE-2023-4195 GHSA-xcq3-7pf3-5jvc

Affected version: <2.6.3

Reported by:
GitHub
[HIGH] Cockpit CMS Cross-Site Request Forgery vulnerability

PKSA-6cf3-m793-4f7h CVE-2023-37650 GHSA-45g2-r339-pjwf

Affected version: <2.6.0

Reported by:
GitHub
[HIGH] Cockpit CMS vulnerable to incorrect access control

PKSA-61gq-gryd-k7qp CVE-2023-37649 GHSA-9r25-4j77-9wc7

Affected version: <2.6.0

Reported by:
GitHub
[HIGH] cockpit-hq/cockpit is vulnerable to unrestricted file uploads

PKSA-dyd6-q5kw-cnzs CVE-2023-1313 GHSA-6x8f-x6qw-qwx3

Affected version: <2.4.1

Reported by:
GitHub
[MEDIUM] Cockpit Uses Platform-Dependent Third Party Components

PKSA-xv8s-t5k3-3fys CVE-2023-1160 GHSA-p8cq-pv6w-6rwx

Affected version: <=2.3.9

Reported by:
GitHub
[MEDIUM] Improper Restriction of Rendered UI Layers or Frames in cockpit-hq/cockpit

PKSA-ch6m-qfpx-wtvr CVE-2023-0780 GHSA-gm7m-rqf8-jx4m

Affected version: <2.3.9

Reported by:
GitHub
[HIGH] privilege chaining in cockpit-hq/cockpit

PKSA-99sv-2wdf-h212 CVE-2023-0759 GHSA-86rf-38v8-9c4x

Affected version: <2.3.8

Reported by:
GitHub

cockpit-hq/cockpit Security Advisories for 2.3.7 (16)

[CRITICAL] Cockpit CMS contains an arbitrary file upload vulenrability

[MEDIUM] Cockpit CMS arbitrary file upload vulnerability

[MEDIUM] Cockpit Cross-site Scripting vulnerability

[HIGH] Cockpit Cross-site Scripting vulnerability

[HIGH] Cockpit Cross-site Scripting vulnerability

[MEDIUM] Cockpit Cross-site Scripting vulnerability

[HIGH] Cockpit Cross-site Scripting vulnerability

[HIGH] Cockpit Cross-site Scripting vulnerability

[HIGH] Cockpit Cross-site Scripting vulnerability

[CRITICAL] Cockpit PHP Remote File Inclusion vulnerability

[HIGH] Cockpit CMS Cross-Site Request Forgery vulnerability

[HIGH] Cockpit CMS vulnerable to incorrect access control

[HIGH] cockpit-hq/cockpit is vulnerable to unrestricted file uploads

[MEDIUM] Cockpit Uses Platform-Dependent Third Party Components

[MEDIUM] Improper Restriction of Rendered UI Layers or Frames in cockpit-hq/cockpit

[HIGH] privilege chaining in cockpit-hq/cockpit