Cockpit Security Vulnerabilities and Issues — Cockpit CVE List

Lucene search

AgentejoCockpit

4 matches found

CVE•added 2022/03/10 5:42 p.m.•173 views

CVE-2021-3660

Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks.

4.3CVSS4.6AI score0.00256EPSS

CVE•added 2022/03/10 5:42 p.m.•131 views

CVE-2021-3698

A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or th...

7.5CVSS7.1AI score0.00139EPSS

CVE•added 2022/08/15 11:21 a.m.•79 views

CVE-2022-2818

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.

9.8CVSS9.1AI score0.00716EPSS

CVE•added 2022/08/08 3:15 p.m.•75 views

CVE-2022-2713

Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0.

9.8CVSS9.2AI score0.00317EPSS