Vulnerability Details CVE-2020-10792
openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/it-novum/openITCOCKPIT/commit/719410b9ffff7d7b29dba7aad58faceb5eff789f
- https://openitcockpit.io/2020/2020/03/23/openitcockpit-3-7-3-released/
- https://github.com/it-novum/openITCOCKPIT/commit/719410b9ffff7d7b29dba7aad58faceb5eff789f
- https://openitcockpit.io/2020/2020/03/23/openitcockpit-3-7-3-released/
Products affected by CVE-2020-10792
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-10
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-12
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-13
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-14
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-15
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-16
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-4
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-5
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-6
-
cpe:2.3:a:it-novum:openitcockpit:3.0.10-8
-
cpe:2.3:a:it-novum:openitcockpit:3.0.11
-
cpe:2.3:a:it-novum:openitcockpit:3.0.11-3
-
cpe:2.3:a:it-novum:openitcockpit:3.0.11-4
-
cpe:2.3:a:it-novum:openitcockpit:3.0.11-6
-
cpe:2.3:a:it-novum:openitcockpit:3.0.11-7
-
cpe:2.3:a:it-novum:openitcockpit:3.0.11-8
-
cpe:2.3:a:it-novum:openitcockpit:3.0.4
-
cpe:2.3:a:it-novum:openitcockpit:3.0.5
-
cpe:2.3:a:it-novum:openitcockpit:3.0.6-1
-
cpe:2.3:a:it-novum:openitcockpit:3.0.6-2
-
cpe:2.3:a:it-novum:openitcockpit:3.0.7
-
cpe:2.3:a:it-novum:openitcockpit:3.0.8
-
cpe:2.3:a:it-novum:openitcockpit:3.0.8-2
-
cpe:2.3:a:it-novum:openitcockpit:3.0.8-3
-
cpe:2.3:a:it-novum:openitcockpit:3.0.9
-
cpe:2.3:a:it-novum:openitcockpit:3.1.0
-
cpe:2.3:a:it-novum:openitcockpit:3.1.1
-
cpe:2.3:a:it-novum:openitcockpit:3.1.5
-
cpe:2.3:a:it-novum:openitcockpit:3.2.0
-
cpe:2.3:a:it-novum:openitcockpit:3.3.0
-
cpe:2.3:a:it-novum:openitcockpit:3.3.0-3
-
cpe:2.3:a:it-novum:openitcockpit:3.4.2
-
cpe:2.3:a:it-novum:openitcockpit:3.4.3
-
cpe:2.3:a:it-novum:openitcockpit:3.5.0
-
cpe:2.3:a:it-novum:openitcockpit:3.6.0
-
cpe:2.3:a:it-novum:openitcockpit:3.6.1
-
cpe:2.3:a:it-novum:openitcockpit:3.6.1.2
-
cpe:2.3:a:it-novum:openitcockpit:3.7.1
-
cpe:2.3:a:it-novum:openitcockpit:3.7.2