CVE-2021-3660 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Insufficient validation
Description	Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2430	cockpit	253-1	254-1	Medium	Fixed

References
https://bugzilla.redhat.com/show_bug.cgi?id=1980688 https://cockpit-project.org/guide/latest/embedding.html https://github.com/cockpit-project/cockpit/issues/16122 https://github.com/cockpit-project/cockpit/pull/16342 https://github.com/cockpit-project/cockpit/commit/8d9bc10d8128aae03dfde62fd00075fe492ead10

References

https://bugzilla.redhat.com/show_bug.cgi?id=1980688
https://cockpit-project.org/guide/latest/embedding.html
https://github.com/cockpit-project/cockpit/issues/16122
https://github.com/cockpit-project/cockpit/pull/16342
https://github.com/cockpit-project/cockpit/commit/8d9bc10d8128aae03dfde62fd00075fe492ead10