CVE-2021-3698 - log back

CVE-2021-3698 edited at 14 Dec 2021 20:01:12
References
https://bugzilla.redhat.com/show_bug.cgi?id=1992149
https://cockpit-project.org/guide/latest/cert-authentication.html
https://github.com/SSSD/sssd/issues/5224
https://github.com/SSSD/sssd/pull/5852
+ https://github.com/cockpit-project/cockpit/pull/16703
CVE-2021-3698 edited at 03 Nov 2021 23:29:18
References
https://bugzilla.redhat.com/show_bug.cgi?id=1992149
https://cockpit-project.org/guide/latest/cert-authentication.html
https://github.com/SSSD/sssd/issues/5224
+ https://github.com/SSSD/sssd/pull/5852
CVE-2021-3698 edited at 30 Aug 2021 10:26:41
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Certificate verification bypass
Description
+ A security issue was found in Cockpit in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1992149
+ https://cockpit-project.org/guide/latest/cert-authentication.html
+ https://github.com/SSSD/sssd/issues/5224
CVE-2021-3698 created at 30 Aug 2021 10:24:24
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes