CVE-2020-35850 log

Severity Low
Remote Yes
Type Cross-site request forgery
A server-side request forgery issue was discovered in Cockpit 234. It allows a user to send requests to internal hosts for detecting open ports, allowing the firewall configuration to be bypassed or the server to be used as a gateway by a malicious user.

NOTE: the vendor states "I don't think [it] is a big real-life issue."
Group Package Affected Fixed Severity Status Ticket
AVG-1393 cockpit 259-1 260-1 Medium Fixed
The validity of this issue is disputed.