Felsec

**Name of the Vulnerable Software and Affected Versions** Cockpit versions prior to 2.13.6 **Description** Arbitrary code execution is possible via the `filter` parameter within multiple endpoints. This allows an attacker to execute system commands on the underlying infrastructure by utilizing the MongoLite `$func` operator. **Recommendations** Update to a version later than 2.13.5. Restrict the use of the `filter` parameter in affected endpoints as a temporary mitigation measure.

**Name of the Vulnerable Software and Affected Versions** Cockpit versions prior to 2.13.6 **Description** A misconfiguration in the Bucket component ` isFileTypeAllowed()` function allows an authenticated attacker to bypass an extension filter using a specially crafted filename. This enables the renaming of arbitrary files to have a .php extension, which can lead to arbitrary code execution on the underlying server. **Recommendations** Update to a version later than 2.13.5. As a temporary workaround, restrict access to the Bucket component or the ` isFileTypeAllowed()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cockpit versions prior to 2.13.6 **Description** A directory traversal issue exists in the Buckets component. This allows authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite existing assets with malicious versions. Directory traversal is a technique that allows an attacker to access files and directories that are stored outside the web root folder. **Recommendations** Update to a version later than 2.13.5. Restrict access to the Buckets component to minimize the risk of exploitation.