Search
Find a vulnerability
Search criteria
4 vulnerabilities by amirraminfar
CVE-2026-45298 (GCVE-0-2026-45298)
Vulnerability from cvelistv5 – Published: 2026-05-26 22:01 – Updated: 2026-05-27 14:23
VLAI
Title
Dozzle: Pre-auth SSRF with response-body reflection via POST /api/notifications/test-webhook (default no-auth deploy)
Summary
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that sends an HTTP POST to the supplied URL with attacker-controlled request headers, and returns the response status code AND up to 1MB of the response body to the caller, when the target replies non-2xx. This vulnerability is fixed in 10.5.2.
Severity
8.6 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/amir20/dozzle/security/advisor… | x_refsource_CONFIRM |
| https://github.com/amir20/dozzle/releases/tag/v10.5.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45298",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T14:23:07.094049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T14:23:39.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/amir20/dozzle/security/advisories/GHSA-3v9w-6365-9w54"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dozzle",
"vendor": "amir20",
"versions": [
{
"status": "affected",
"version": "\u003c 10.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that sends an HTTP POST to the supplied URL with attacker-controlled request headers, and returns the response status code AND up to 1MB of the response body to the caller, when the target replies non-2xx. This vulnerability is fixed in 10.5.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T22:01:29.977Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/amir20/dozzle/security/advisories/GHSA-3v9w-6365-9w54",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/amir20/dozzle/security/advisories/GHSA-3v9w-6365-9w54"
},
{
"name": "https://github.com/amir20/dozzle/releases/tag/v10.5.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/amir20/dozzle/releases/tag/v10.5.2"
}
],
"source": {
"advisory": "GHSA-3v9w-6365-9w54",
"discovery": "UNKNOWN"
},
"title": "Dozzle: Pre-auth SSRF with response-body reflection via POST /api/notifications/test-webhook (default no-auth deploy)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45298",
"datePublished": "2026-05-26T22:01:29.977Z",
"dateReserved": "2026-05-11T20:14:43.201Z",
"dateUpdated": "2026-05-27T14:23:39.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44985 (GCVE-0-2026-44985)
Vulnerability from cvelistv5 – Published: 2026-05-26 21:58 – Updated: 2026-05-28 14:15
VLAI
Title
Dozzle: Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpoints bypasses authentication
Summary
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables Cross-Site WebSocket Hijacking (CSWSH). An attacker hosting a page on a same-site origin (e.g., a sibling subdomain, or another service on localhost) can initiate a WebSocket connection to the exec endpoint that carries the victim's valid JWT cookie, gaining interactive shell access in any container the victim is authorized to access. This vulnerability is fixed in 10.5.2.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/amir20/dozzle/security/advisor… | x_refsource_CONFIRM |
| https://github.com/amir20/dozzle/releases/tag/v10.5.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44985",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T14:14:53.489379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T14:15:19.019Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/amir20/dozzle/security/advisories/GHSA-j643-x8pv-8m67"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dozzle",
"vendor": "amir20",
"versions": [
{
"status": "affected",
"version": "\u003c 10.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables Cross-Site WebSocket Hijacking (CSWSH). An attacker hosting a page on a same-site origin (e.g., a sibling subdomain, or another service on localhost) can initiate a WebSocket connection to the exec endpoint that carries the victim\u0027s valid JWT cookie, gaining interactive shell access in any container the victim is authorized to access. This vulnerability is fixed in 10.5.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T21:58:55.905Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/amir20/dozzle/security/advisories/GHSA-j643-x8pv-8m67",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/amir20/dozzle/security/advisories/GHSA-j643-x8pv-8m67"
},
{
"name": "https://github.com/amir20/dozzle/releases/tag/v10.5.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/amir20/dozzle/releases/tag/v10.5.2"
}
],
"source": {
"advisory": "GHSA-j643-x8pv-8m67",
"discovery": "UNKNOWN"
},
"title": "Dozzle: Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpoints bypasses authentication"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44985",
"datePublished": "2026-05-26T21:58:55.905Z",
"dateReserved": "2026-05-08T16:23:33.265Z",
"dateUpdated": "2026-05-28T14:15:19.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24740 (GCVE-0-2026-24740)
Vulnerability from cvelistv5 – Published: 2026-01-27 20:59 – Updated: 2026-01-28 21:16
VLAI
Title
Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access
Summary
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in out‑of‑scope containers (for example, `env=prod`) on the same agent host by directly targeting their container IDs. Version 9.0.3 contains a patch for the issue.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/amir20/dozzle/security/advisor… | x_refsource_CONFIRM |
| https://github.com/amir20/dozzle/commit/620e59aa2… | x_refsource_MISC |
| https://github.com/amir20/dozzle/releases/tag/v9.0.3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24740",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T21:16:31.777466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T21:16:44.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dozzle",
"vendor": "amir20",
"versions": [
{
"status": "affected",
"version": "\u003c 9.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle\u2019s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in out\u2011of\u2011scope containers (for example, `env=prod`) on the same agent host by directly targeting their container IDs. Version 9.0.3 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T20:59:05.656Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/amir20/dozzle/security/advisories/GHSA-m855-r557-5rc5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/amir20/dozzle/security/advisories/GHSA-m855-r557-5rc5"
},
{
"name": "https://github.com/amir20/dozzle/commit/620e59aa246347ba8a27e68c532853b8a5137bc1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/amir20/dozzle/commit/620e59aa246347ba8a27e68c532853b8a5137bc1"
},
{
"name": "https://github.com/amir20/dozzle/releases/tag/v9.0.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/amir20/dozzle/releases/tag/v9.0.3"
}
],
"source": {
"advisory": "GHSA-m855-r557-5rc5",
"discovery": "UNKNOWN"
},
"title": "Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24740",
"datePublished": "2026-01-27T20:59:05.656Z",
"dateReserved": "2026-01-26T19:06:16.059Z",
"dateUpdated": "2026-01-28T21:16:44.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47182 (GCVE-0-2024-47182)
Vulnerability from cvelistv5 – Published: 2024-09-27 13:58 – Updated: 2024-09-27 14:13
VLAI
Title
Dozzle uses unsafe hash for passwords
Summary
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-328 - Use of Weak Hash
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/amir20/dozzle/security/advisor… | x_refsource_CONFIRM |
| https://github.com/amir20/dozzle/commit/de79f03aa… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T14:13:00.217008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T14:13:09.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dozzle",
"vendor": "amir20",
"versions": [
{
"status": "affected",
"version": "\u003c 8.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "CWE-328: Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T13:58:22.881Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/amir20/dozzle/security/advisories/GHSA-w7qr-q9fh-fj35",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/amir20/dozzle/security/advisories/GHSA-w7qr-q9fh-fj35"
},
{
"name": "https://github.com/amir20/dozzle/commit/de79f03aa3dbe5bb1e154a7e8d3dccbd229f3ea3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/amir20/dozzle/commit/de79f03aa3dbe5bb1e154a7e8d3dccbd229f3ea3"
}
],
"source": {
"advisory": "GHSA-w7qr-q9fh-fj35",
"discovery": "UNKNOWN"
},
"title": "Dozzle uses unsafe hash for passwords"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47182",
"datePublished": "2024-09-27T13:58:22.881Z",
"dateReserved": "2024-09-19T22:32:11.963Z",
"dateUpdated": "2024-09-27T14:13:09.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}