
GSA_kwCzR0hTQS12bTZwLTM1cnctM2Z4Y84AAt3H

Severity: Critical
EPSS: 0.00317% (0.54163 percentile)

Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration

Affected package: packagist:aheinze/cockpit
Affected versions: < 2.2.0
Fixed versions: 2.2.0
Dependent packages: 4
Dependent repositories: 12
Downloads total: 1,929

Affected Version Ranges

All affected versions

0.6.0, 0.6.1, 0.6.2, 0.7.0, 0.7.1, 0.7.2, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.6, 0.8.7, 0.8.8, 0.8.9, 0.8.10, 0.8.11, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.10.0, 0.10.1, 0.10.2, 0.11.0, 0.11.1, 0.11.2, 0.12.0, 0.12.1, 0.12.2

All unaffected versions

Cockpit before version 2.2.0 is vulnerable to Insufficient Session Expiration. The application does not validate requests after password changes, allowing a user to change their account details even after an admin changes their password.
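The following Python sketch is an added illustration of the session-expiration weakness described above; it is not Cockpit's code, and every class, function and value in it is hypothetical. It contrasts a session check that only confirms the token exists (so a session issued before an admin password reset keeps working) with one that binds each session to the password generation in force when it was issued and revokes it once that generation changes.

```python
"""Constructed example: in-memory users and sessions with a weak and a strict
session validator. Not Cockpit's code; names and values are hypothetical."""
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    password_hash: str            # placeholder string, not a real hash
    password_generation: int = 0  # incremented on every password change
    email: str = ""


@dataclass
class Session:
    token: str
    user: str
    issued_generation: int        # password generation when the session was created
    issued_at: float = field(default_factory=time.time)


class Store:
    def __init__(self):
        self.users = {}
        self.sessions = {}

    def add_user(self, name, password_hash):
        self.users[name] = User(name, password_hash)

    def login(self, name):
        # Password verification is assumed to have happened already; the point
        # here is what the session remembers about the account at issue time.
        user = self.users[name]
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(token, name, user.password_generation)
        return token

    def admin_set_password(self, name, new_hash):
        # A password change bumps the generation; sessions issued under the old
        # generation become stale without having to enumerate them.
        user = self.users[name]
        user.password_hash = new_hash
        user.password_generation += 1

    def session_user_weak(self, token):
        # Weak check: any known token is accepted regardless of later changes.
        s = self.sessions.get(token)
        return self.users[s.user] if s else None

    def session_user_strict(self, token):
        # Strict check: the session must match the current password generation.
        s = self.sessions.get(token)
        if s is None:
            return None
        user = self.users[s.user]
        if s.issued_generation != user.password_generation:
            del self.sessions[token]  # stale session: revoke and reject it
            return None
        return user

    def update_email(self, token, new_email, strict=True):
        # Account-detail change guarded by the chosen session check.
        lookup = self.session_user_strict if strict else self.session_user_weak
        user = lookup(token)
        if user is None:
            return False
        user.email = new_email
        return True


def demo(strict):
    """Returns True if an old session can still change details after an
    admin password reset; the strict check should make this False."""
    store = Store()
    store.add_user("alice", "hash-v1")
    token = store.login("alice")
    store.admin_set_password("alice", "hash-v2")
    return store.update_email(token, "changed@example.invalid", strict=strict)


def demo_relogin():
    """A session issued after the reset is still accepted by the strict check."""
    store = Store()
    store.add_user("alice", "hash-v1")
    store.admin_set_password("alice", "hash-v2")
    token = store.login("alice")
    return store.update_email(token, "alice@example.invalid", strict=True)


if __name__ == "__main__":
    print("weak check lets stale session update details:", demo(strict=False))
    print("strict check lets stale session update details:", demo(strict=True))
    print("strict check accepts a post-reset login:", demo_relogin())
```

The generation counter is one way to bind sessions to credential state without storing a per-session revocation list; storing the timestamp of the last password change and comparing it with the session's issue time achieves the same effect.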

References: