Home

CVE-2021-3698

Description

A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.114

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2022:2008) cockpit security, bug fix, and enhancement update cockpit-debugsource-264.1-1.el8.x86_64.rpmLinux
(RHSA-2022:2008) cockpit security, bug fix, and enhancement update cockpit-doc-264.1-1.el8.noarch.rpmLinux
cockpit security, bug fix, and enhancement update (RLSA-2022:2008) cockpit-264.1-1.el8.x86_64.rpmLinux
cockpit security, bug fix, and enhancement update (RLSA-2022:2008) cockpit-ws-264.1-1.el8.x86_64.rpmLinux
cockpit security, bug fix, and enhancement update (RLSA-2022:2008) cockpit-doc-264.1-1.el8.noarch.rpmLinux
cockpit security, bug fix, and enhancement update (RLSA-2022:2008) cockpit-bridge-264.1-1.el8.x86_64.rpmLinux
cockpit security, bug fix, and enhancement update (RLSA-2022:2008) cockpit-system-264.1-1.el8.noarch.rpmLinux
(RHSA-2022:2008) cockpit security, bug fix, and enhancement update cockpit-264.1-1.el8.x86_64.rpmLinux
(RHSA-2022:2008) cockpit security, bug fix, and enhancement update cockpit-bridge-264.1-1.el8.x86_64.rpmLinux
(RHSA-2022:2008)Moderate: security, bug fix, and enhancement update cockpit-debuginfo-264.1-1.el8.x86_64.rpmLinux
(RHSA-2022:2008) cockpit security, bug fix, and enhancement update cockpit-system-264.1-1.el8.noarch.rpmLinux
(RHSA-2022:2008) cockpit security, bug fix, and enhancement update cockpit-ws-264.1-1.el8.x86_64.rpmLinux
Cockpit update (ELSA-2022-2008) cockpit-264.1-1.0.1.el8.x86_64.rpmLinux
Cockpit-bridge update (ELSA-2022-2008) cockpit-bridge-264.1-1.0.1.el8.x86_64.rpmLinux
Cockpit-doc update (ELSA-2022-2008) cockpit-doc-264.1-1.0.1.el8.noarch.rpmLinux
Cockpit-system update (ELSA-2022-2008) cockpit-system-264.1-1.0.1.el8.noarch.rpmLinux
Cockpit-ws update (ELSA-2022-2008) cockpit-ws-264.1-1.0.1.el8.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234