Vulnerabilities > Cockpit Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-10 | CVE-2021-3660 | Cockpit (and its plugins) do not seem to protect itself against clickjacking. | 4.3 |
2022-03-10 | CVE-2021-3698 | Improper Certificate Validation vulnerability in multiple products A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). | 7.5 |
2020-12-30 | CVE-2020-35850 | Server-Side Request Forgery (SSRF) vulnerability in Cockpit-Project Cockpit 234 An SSRF issue was discovered in cockpit-project.org Cockpit 234. | 6.5 |
2019-03-26 | CVE-2019-3804 | Missing Initialization of Resource vulnerability in multiple products It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. | 7.5 |