Dejan Zelic

**Name of the Vulnerable Software and Affected Versions** NeuVector versions prior to 5.2.2 **Description** A user can reverse engineer the JSON Web Token (JWT) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector, potentially leading to Remote Code Execution (RCE). **Recommendations** For versions prior to 5.2.2, upgrade to NeuVector version 5.2.2 or later and use the latest Helm chart (2.6.3+). As a temporary workaround, users can replace the Manager & Controller certificate manually by following the instructions provided in the documentation. However, upgrading to 5.2.2 and replacing the Manager/REST API certificate is recommended to provide additional security enhancements to prevent possible attempted exploit and resulting RCE.

**Name of the Vulnerable Software and Affected Versions** openITCOCKPIT versions prior to 3.7.3 **Description** The issue arises from the use of a hardcoded API key, specifically `1fea123e07f730f76e661bced33a94152378611e`, instead of generating a random API key for WebSocket connections. This could potentially allow unauthorized access. **Recommendations** For versions prior to 3.7.3, update to version 3.7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to WebSocket connections until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** openITCOCKPIT versions prior to 3.7.3 **Description** The issue allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an `su` command line in `app/Lib/SudoMessageInterface.php`. This is related to a web-based terminal in openITCOCKPIT. **Recommendations** For versions prior to 3.7.3, update to version 3.7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the web-based terminal until a patch is applied. Additionally, be cautious when using the `su` command and ensure proper handling of shell metacharacters to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** openITCOCKPIT versions prior to 3.7.3 **Description** The issue arises from unnecessary files, such as Lodash files, being present under the web root, leading to a Cross-Site Scripting (XSS) vulnerability. **Recommendations** For versions prior to 3.7.3, update to version 3.7.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** openITCOCKPIT versions prior to 3.7.3 **Description** The issue allows remote authenticated users to trigger outbound TCP requests, also known as Server-Side Request Forgery (SSRF), via the Test Connection feature of the Grafana Module. This is achieved through the `GrafanaConfigurationController.php` file in the `app/Plugin/GrafanaModule/Controller` directory. **Recommendations** For versions prior to 3.7.3, update to version 3.7.3 or later to resolve the issue. As a temporary workaround, consider disabling the Test Connection feature of the Grafana Module until a patch is available. Restrict access to the `GrafanaConfigurationController.php` file to minimize the risk of exploitation. Avoid using the Test Connection feature in the affected Grafana Module until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** openITCOCKPIT versions 3.7.2 and earlier **Description** The issue allows remote attackers to configure certain options by manipulating the HTTP Host header with specific keywords. This can be achieved by placing a hostname containing `dev` or `staging` in the header. **Recommendations** For openITCOCKPIT versions 3.7.2 and earlier, as a temporary workaround, consider restricting access to configure the self::DEVELOPMENT or self::STAGING options until a patch is available. Avoid using hostnames containing `dev` or `staging` in the HTTP Host header to minimize the risk of exploitation.