Privilege Escalation in the Cockpit CMS in cockpit-hq/cockpit
Valid
Reported on Feb 8th 2023
Description
Hi, during my analyses I realized that it is possible to perform a privilege escalation by intercepting the request and changing the roles from "user" to "admin", becoming the application's administrator.
Proof of Concept
poc:
Impact
A normal user can change their own permissions and gain administrator access.
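The bug class described in this report is a mass-assignment one: a profile-update handler writes every field of the intercepted request body, including `roles`, back to the account. The following is an added illustration, not Cockpit's own code; the user store, field names and handler signatures are constructed for the example. It puts the vulnerable handler next to a hardened one that allow-lists self-editable fields and reserves role changes for administrators.

```python
"""Role change via a tampered profile-update request: vulnerable vs hardened handler."""
from copy import deepcopy

# Constructed sample account store (not Cockpit's data model).
USERS = {
    "alice": {"name": "Alice", "email": "alice@example.com", "roles": ["user"]},
    "root":  {"name": "Root",  "email": "root@example.com",  "roles": ["admin"]},
}

SELF_EDITABLE = {"name", "email"}  # fields a user may change on their own account


def update_user_vulnerable(actor: str, target: str, payload: dict) -> dict:
    """Mass-assignment bug: every key in the request body is written to the
    record, so a user who edits 'roles' in the intercepted request becomes admin."""
    user = deepcopy(USERS[target])
    user.update(payload)
    return user


def update_user_hardened(actor: str, target: str, payload: dict) -> dict:
    """Only admins may change roles or edit other accounts; everyone else is
    limited to an allow-list of fields on their own record."""
    actor_is_admin = "admin" in USERS[actor]["roles"]
    if actor != target and not actor_is_admin:
        raise PermissionError("cannot edit another user's account")
    allowed = set(payload) if actor_is_admin else SELF_EDITABLE
    rejected = set(payload) - allowed
    if rejected:
        # Reject rather than silently drop, so the attempt is visible in logs.
        raise PermissionError(f"fields not editable by {actor}: {sorted(rejected)}")
    user = deepcopy(USERS[target])
    user.update(payload)
    return user


# Constructed request body as it would look after editing "user" -> "admin".
TAMPERED = {"name": "Alice", "roles": ["admin"]}

if __name__ == "__main__":
    print(update_user_vulnerable("alice", "alice", TAMPERED)["roles"])  # ['admin']
    try:
        update_user_hardened("alice", "alice", TAMPERED)
    except PermissionError as e:
        print("blocked:", e)
```

The rejected-field error is the signal a detection rule should key on: a non-admin session submitting `roles` is never legitimate traffic.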
We are processing your report and will contact the cockpit-hq/cockpit team within 24 hours.
a month ago
We have contacted a member of the cockpit-hq/cockpit team and are waiting to hear back.
a month ago
Thanks for the hint
Dan Barros has been awarded the disclosure bounty.
The fix bounty is now up for grabs
The researcher's credibility has increased: +7