Privilege Escalation in the Cockpit CMS in cockpit-hq/cockpit


Reported on

Feb 8th 2023


Hi, during my analyses I realized that it is possible to perform a privilege escalation by intercepting the request and changing the roles from "user" to "admin" becoming the application's administrator.

Proof of Concept


Alt Text


A normal user can change his or her permission and have administrator access.

We are processing your report and will contact the cockpit-hq/cockpit team within 24 hours. a month ago
We have contacted a member of the cockpit-hq/cockpit team and are waiting to hear back a month ago
Artur validated this vulnerability a month ago

Thanks for the hint

Dan Barros has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Artur marked this as fixed in 2.3.8 with commit 78d6ed a month ago
Artur has been awarded the fix bounty
This vulnerability has been assigned a CVE
Artur published this vulnerability a month ago
to join this conversation