cockpit

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	A systemd web based user interface for Linux servers
Version	249-1 [community]

Open

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1393	249-1		Medium	Vulnerable

Issue	Group	Severity	Remote	Type	Description
CVE-2021-3660	AVG-1393	Medium	Yes	Insufficient validation	Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website,...
CVE-2020-35850	AVG-1393	Low	Yes	Cross-site request forgery	A server-side request forgery issue was discovered in cockpit- project.org Cockpit 234. It allows a user to send requests to internal hosts for detecting...

Issue

Group

Severity

Remote

Type

Description

CVE-2021-3660

AVG-1393

Medium

Yes

Insufficient validation

Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website,...

CVE-2020-35850

AVG-1393

Low

Yes

Cross-site request forgery

A server-side request forgery issue was discovered in cockpit- project.org Cockpit 234. It allows a user to send requests to internal hosts for detecting...