CVE-2020-35850 - log

CVE-2020-35850 edited at 19 Feb 2021 09:54:14
References
https://github.com/passtheticket/vulnerability-research/blob/main/cockpitProject/README.md
https://github.com/cockpit-project/cockpit/issues/15077
+ https://docs.unsafe-inline.com/0day/cokpit-version-234-server-side-request-forgery-cve-2020-35850
+ https://www.exploit-db.com/exploits/49397
CVE-2020-35850 edited at 30 Dec 2020 11:09:06
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Cross-site request forgery
Description
+ A server-side request forgery issue was discovered in cockpit-project.org Cockpit 234. It allows a user to send requests to internal hosts for detecting open ports, allowing the firewall configuration to be bypassed or the server to be used as a gateway by a malicious user.
+
+ NOTE: the vendor states "I don't think [it] is a big real-life issue."
References
+ https://github.com/passtheticket/vulnerability-research/blob/main/cockpitProject/README.md
+ https://github.com/cockpit-project/cockpit/issues/15077
Notes
+ The validity of this issue is disputed.
CVE-2020-35850 created at 30 Dec 2020 11:02:54