CVE-2021-3698

Severity: Medium
Remote: Yes
Type: Certificate verification bypass
Description
A security issue was found in Cockpit in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status.
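| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|-------|---------|----------|-------|----------|--------|--------|
| AVG-1393 | cockpit | 259-1 | 260-1 | Medium | Fixed | |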
References
https://bugzilla.redhat.com/show_bug.cgi?id=1992149
https://cockpit-project.org/guide/latest/cert-authentication.html
https://github.com/SSSD/sssd/issues/5224
https://github.com/SSSD/sssd/pull/5852
https://github.com/cockpit-project/cockpit/pull/16703