{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T09:13:42.416","vulnerabilities":[{"cve":{"id":"CVE-2018-9302","sourceIdentifier":"cve@mitre.org","published":"2018-05-02T15:29:01.060","lastModified":"2024-11-21T04:15:17.880","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which was about version 0.13.0, which (surprisingly) is an earlier version than 0.4.4."},{"lang":"es","value":"SSRF (Server Side Request Forgery) en /assets/lib/fuc.js.php en Cockpit 0.4.4 hasta la versión 0.5.5 permite que atacantes remotos lean archivos arbitrarios o envíen tráfico TCP a hosts de la intranet mediante el parámetro url. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2017-14611, que se refería a la versión 0.13.0 y que (sorprendentemente) es una versión anterior a la 0.4.4."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:getcockpit:cockpit:*:*:*:*:*:*:*:*","versionStartIncluding":"0.4.4","versionEndIncluding":"0.5.5","matchCriteriaId":"41A38BB6-4100-40B9-8DA7-57C010641766"}]}]}],"references":[{"url":"http://seclists.org/fulldisclosure/2018/May/10","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/44567/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2018/May/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/44567/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}}]}