cockpit

Description: A systemd web based user interface for Linux servers
Version: 255.1-1 [community]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1393 | 255.1-1 | | Medium | Vulnerable | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-3698 | AVG-1393 | Medium | Yes | Certificate verification bypass | A security issue was found in Cockpit in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw... |
| CVE-2020-35850 | AVG-1393 | Low | Yes | Cross-site request forgery | A server-side request forgery issue was discovered in cockpit-project.org Cockpit 234. It allows a user to send requests to internal hosts for detecting... |

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2430 | 253-1 | 254-1 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-3660 | AVG-2430 | Medium | Yes | Insufficient validation | Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website,... |