CVE-2017-14611
CRITICAL
Cockpit 0.13.0 - Server-Side Request Forgery via URL Parameter
Title source: llm
Description
SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component.
References (1)
Core References
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Apr/15
Scores
CVSS v3
9.1
EPSS
0.0197
EPSS Percentile
77.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-918
Status
published
Products (1)
agentejo/cockpit
0.13.0
Published
Apr 10, 2018
Tracked Since
Feb 18, 2026