{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-08T16:09:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/agentejo/cockpit/releases/tag/0.6.1"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/agentejo/cockpit/commits/next/lib/MongoLite/Database.php"}, {"tags": ["x_refsource_MISC"], "url": "https://www.exploit-db.com/exploits/49390"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2020-35131", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/agentejo/cockpit/releases/tag/0.6.1", "refsource": "MISC", "url": "https://github.com/agentejo/cockpit/releases/tag/0.6.1"}, {"name": "https://github.com/agentejo/cockpit/commits/next/lib/MongoLite/Database.php", "refsource": "MISC", "url": "https://github.com/agentejo/cockpit/commits/next/lib/MongoLite/Database.php"}, {"name": "https://www.exploit-db.com/exploits/49390", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/49390"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:55:10.645Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/agentejo/cockpit/releases/tag/0.6.1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/agentejo/cockpit/commits/next/lib/MongoLite/Database.php"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.exploit-db.com/exploits/49390"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-35131", "datePublished": "2021-01-08T16:09:06", "dateReserved": "2020-12-11T00:00:00", "dateUpdated": "2024-08-04T16:55:10.645Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:*", "matchCriteriaId": "007A4A88-1820-45EA-AD7A-C9D5B73BD6BE", "versionEndExcluding": "0.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI."}, {"lang": "es", "value": "Cockpit versiones anteriores a 0.6.1, permite a un atacante inyectar c\u00f3digo PHP personalizado y lograr una Ejecuci\u00f3n de Comandos Remota por medio de la funci\u00f3n registerCriteriaFunction en la biblioteca lib/MongoLite/Database.php, como es demostrado por los valores en los datos JSON en el URI /auth/check o /auth/requestreset"}], "id": "CVE-2020-35131", "lastModified": "2024-11-21T05:26:49.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2021-01-08T17:15:13.150", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://github.com/agentejo/cockpit/commits/next/lib/MongoLite/Database.php"}, {"source": "[email protected]", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/agentejo/cockpit/releases/tag/0.6.1"}, {"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/49390"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/agentejo/cockpit/commits/next/lib/MongoLite/Database.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/agentejo/cockpit/releases/tag/0.6.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/49390"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "cockpit: registerCriteriaFunction in lib/MongoLite/Database.php allows for a Remote Command Execution via custom php code injection", "id": "1916627", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916627"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-94", "details": ["Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI.", "A flaw was found in cockpit. An attacker is able to inject custom PHP code and achieve remote command execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2020-35131", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "cockpit", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "cockpit", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "cockpit", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "cockpit", "product_name": "Red Hat Virtualization 4"}], "public_date": "2021-01-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-35131\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-35131"], "statement": "This vulnerability applies to Cockpit CMS (https://getcockpit.com/), which is a different product than the Cockpit Project (https://cockpit-project.org/) used in Red Hat products. The Cockpit Project is not affected by this vulnerability.", "threat_severity": "Important"}