Vulnerability in Cockpit-project Cockpit
CVE-2021-3698
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless…
Vulnerability class: Improper Certificate Validation
EPSS: 0.006 (46.6th percentile).
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Cockpit-project Cockpit
- Red Hat Enterprise Linux: version 8.0
- Cockpit: versions prior to 260
Weakness classification (CWE)
References
- secalert@redhat.com (Third Party Advisory, x_refsource_MISC, Issue Tracking)
Frequently asked questions
- What is CVE-2021-3698?
- CVE-2021-3698 is a high-severity vulnerability in Cockpit-project Cockpit, classified under Improper Certificate Validation. CVSS score: 7.5/10. Published 2022-03-10.
- How severe is CVE-2021-3698?
- High severity. CVSS v3 base score is 7.5 out of 10.