---

CVE-2021-3698 - log back

CVE-2021-3698 edited at 14 Dec 2021 20:01:12
References	https://bugzilla.redhat.com/show_bug.cgi?id=1992149 https://cockpit-project.org/guide/latest/cert-authentication.html https://github.com/SSSD/sssd/issues/5224 https://github.com/SSSD/sssd/pull/5852 + https://github.com/cockpit-project/cockpit/pull/16703

CVE-2021-3698 edited at 03 Nov 2021 23:29:18
References	https://bugzilla.redhat.com/show_bug.cgi?id=1992149 https://cockpit-project.org/guide/latest/cert-authentication.html https://github.com/SSSD/sssd/issues/5224 + https://github.com/SSSD/sssd/pull/5852

CVE-2021-3698 edited at 30 Aug 2021 10:26:41
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Certificate verification bypass
Description	+ A security issue was found in Cockpit in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status.
References	+ https://bugzilla.redhat.com/show_bug.cgi?id=1992149 + https://cockpit-project.org/guide/latest/cert-authentication.html + https://github.com/SSSD/sssd/issues/5224

CVE-2021-3698 created at 30 Aug 2021 10:24:24
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes