CVE-2021-3698 log

Source
Severity Medium
Remote Yes
Type Certificate verification bypass
Description
A security issue was found in Cockpit in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status.
Group Package Affected Fixed Severity Status Ticket
AVG-1393 cockpit 255.1-1 Medium Vulnerable
References
https://bugzilla.redhat.com/show_bug.cgi?id=1992149
https://cockpit-project.org/guide/latest/cert-authentication.html
https://github.com/SSSD/sssd/issues/5224