Vulnerability in Cockpit-project Cockpit

CVE-2021-3698

A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless…

Vulnerability class: Improper Certificate Validation

EPSS: 0.006 (46.6th percentile)

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Frequently asked questions

What is CVE-2021-3698?
CVE-2021-3698 is a high-severity vulnerability in Cockpit-project Cockpit, classified under Improper Certificate Validation. CVSS score: 7.5/10. Published 2022-03-10.

How severe is CVE-2021-3698?
High severity. CVSS v3 base score is 7.5 out of 10.