openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:it-novum:openitcockpit:*:*:*:*:*:*:*:*"
],
"source": "CPE_RANGE",
"vendor_product": "it-novum:openitcockpit",
"extracted_events": [
{
"last_affected": "3.7.2"
}
]
}
]
}