cockpit
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | A systemd web based user interface for Linux servers |
| Version | 255.1-1 [community] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1393 | 255.1-1 | Medium | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-3698 | AVG-1393 | Medium | Yes | Certificate verification bypass | A security issue was found in Cockpit in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw... |
| CVE-2020-35850 | AVG-1393 | Low | Yes | Cross-site request forgery | A server-side request forgery issue was discovered in cockpit- project.org Cockpit 234. It allows a user to send requests to internal hosts for detecting... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2430 | 253-1 | 254-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-3660 | AVG-2430 | Medium | Yes | Insufficient validation | Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website,... |