AVG-1393 log
| Package | cockpit |
| Status | Vulnerable |
| Severity | Medium |
| Type | multiple issues |
| Affected | 249-1 |
| Fixed | Unknown |
| Current | 249-1 [community] |
| Ticket | Create |
| Created | Wed Dec 30 11:02:54 2020 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-3660 | Medium | Yes | Insufficient validation | Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website,... |
| CVE-2020-35850 | Low | Yes | Cross-site request forgery | A server-side request forgery issue was discovered in cockpit- project.org Cockpit 234. It allows a user to send requests to internal hosts for detecting... |