AVG-1393 log

Package cockpit
Status Vulnerable
Severity Medium
Type multiple issues
Affected 249-1
Fixed Unknown
Current 249-1 [community]
Ticket Create
Created Wed Dec 30 11:02:54 2020
Issue Severity Remote Type Description
CVE-2021-3660 Medium Yes Insufficient validation
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website,...
CVE-2020-35850 Low Yes Cross-site request forgery
A server-side request forgery issue was discovered in cockpit- project.org Cockpit 234. It allows a user to send requests to internal hosts for detecting...