cockpit

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A systemd web based user interface for Linux servers
Version 249-1 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-1393 249-1 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2021-3660 AVG-1393 Medium Yes Insufficient validation
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website,...
CVE-2020-35850 AVG-1393 Low Yes Cross-site request forgery
A server-side request forgery issue was discovered in cockpit- project.org Cockpit 234. It allows a user to send requests to internal hosts for detecting...