CVE-2026-44985
- EPSS 0.2%
- Veröffentlicht 26.05.2026 22:16:43
- Zuletzt bearbeitet 29.05.2026 19:30:05
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepting upgrade requests from any origin. Combined with ...
CVE-2026-45298
- EPSS 1.49%
- Veröffentlicht 26.05.2026 22:16:43
- Zuletzt bearbeitet 29.05.2026 19:23:33
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an atta...
CVE-2026-24740
- EPSS 0.39%
- Veröffentlicht 27.01.2026 21:16:03
- Zuletzt bearbeitet 19.02.2026 21:30:24
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in out‑of‑scop...
CVE-2024-47182
- EPSS 0.21%
- Veröffentlicht 27.09.2024 14:15:04
- Zuletzt bearbeitet 04.10.2024 18:31:29
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, i...