Miggo Logo
Miggo Vulnerability Database
CVE-2023-4395

CVE-2023-4395: Cockpit Cross-site Scripting vulnerability

8.1

CVSS Score
3.0

Basic Information

CVE ID
CVE-2023-4395
GHSA ID
GHSA-5cv4-48h7-7782
EPSS Score
0.29965%
CWE
CWE-79
Published
8/17/2023
Updated
11/7/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
cockpit-hq/cockpitcomposer<= 2.6.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The patch changes two critical aspects: 1) Uses tmp_name for mime detection instead of user-controlled filename 2) Uses parse_url to safely extract extensions. The original code's pathinfo($_file, PATHINFO_EXTENSION) was vulnerable to manipulation via crafted filenames. By combining improper extension validation with potential unsanitized display of filenames in the UI, stored XSS becomes possible when malicious files are listed in the assets manager.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*ross-sit* S*riptin* (XSS) - Stor** in *it*u* r*pository *o*kpit-*q/*o*kpit *.*.* *n* prior. * p*t** is *v*il**l* *t *ommit **************************************** *n* *nti*ip*t** to ** p*rt o* v*rsion *.*.*.

Reasoning

T** p*t** ***n**s two *riti**l *sp**ts: *) Us*s tmp_n*m* *or mim* **t**tion inst*** o* us*r-*ontroll** *il*n*m* *) Us*s p*rs*_url to s***ly *xtr**t *xt*nsions. T** ori*in*l *o**'s p*t*in*o($_*il*, P*T*IN*O_*XT*NSION) w*s vuln*r**l* to m*nipul*tion vi