CVE-2020-35131 - OpenCVE

Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Agentejo	Cockpit

Configuration 1 [-]

cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/agentejo/cockpit/commits/next/lib/MongoLite/Database.php	Third Party Advisory
https://github.com/agentejo/cockpit/releases/tag/0.6.1	Release Notes Third Party Advisory
https://www.exploit-db.com/exploits/49390	Exploit Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-01-08T16:09:06

Updated: 2021-01-08T16:09:06

Reserved: 2020-12-11T00:00:00

Link: CVE-2020-35131

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-01-08T17:15:13.150

Modified: 2021-01-12T19:46:00.750

Link: CVE-2020-35131

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-08T16:09:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/agentejo/cockpit/releases/tag/0.6.1"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/agentejo/cockpit/commits/next/lib/MongoLite/Database.php"}, {"tags": ["x_refsource_MISC"], "url": "https://www.exploit-db.com/exploits/49390"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-35131", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/agentejo/cockpit/releases/tag/0.6.1", "refsource": "MISC", "url": "https://github.com/agentejo/cockpit/releases/tag/0.6.1"}, {"name": "https://github.com/agentejo/cockpit/commits/next/lib/MongoLite/Database.php", "refsource": "MISC", "url": "https://github.com/agentejo/cockpit/commits/next/lib/MongoLite/Database.php"}, {"name": "https://www.exploit-db.com/exploits/49390", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/49390"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-35131", "datePublished": "2021-01-08T16:09:06", "dateReserved": "2020-12-11T00:00:00", "dateUpdated": "2021-01-08T16:09:06", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:*", "matchCriteriaId": "007A4A88-1820-45EA-AD7A-C9D5B73BD6BE", "versionEndExcluding": "0.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI."}, {"lang": "es", "value": "Cockpit versiones anteriores a 0.6.1, permite a un atacante inyectar c\u00f3digo PHP personalizado y lograr una Ejecuci\u00f3n de Comandos Remota por medio de la funci\u00f3n registerCriteriaFunction en la biblioteca lib/MongoLite/Database.php, como es demostrado por los valores en los datos JSON en el URI /auth/check o /auth/requestreset"}], "id": "CVE-2020-35131", "lastModified": "2021-01-12T19:46:00.750", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-08T17:15:13.150", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/agentejo/cockpit/commits/next/lib/MongoLite/Database.php"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/agentejo/cockpit/releases/tag/0.6.1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/49390"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}