Critical severity9.1NVD Advisory· Published Apr 10, 2018· Updated Jun 17, 2026

CVE-2017-14611

Description

SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component.

Affected products

Agentejo/Cockpitinferred
Range: = 0.13.0
Cockpit Hq/Cockpit Hq/cockpitllm-fuzzy
Range: =0.13.0

Patches

Vulnerability mechanics

References

seclists.org/fulldisclosure/2018/Apr/15nvdExploitMailing ListThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000