Vulnerabilities > Cockpit Project

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2021-3660 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
Cockpit (and its plugins) do not seem to protect themselves against clickjacking.
Attack vector: network; attack complexity: low
Vendors: cockpit-project, redhat; CWE-1021
Risk: 4.3

2022-03-10 CVE-2021-3698 Improper Certificate Validation vulnerability in multiple products
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD).
Attack vector: network; attack complexity: low
Vendors: cockpit-project, redhat; CWE-295
Risk: 5.0

2020-12-30 CVE-2020-35850 Server-Side Request Forgery (SSRF) vulnerability in Cockpit-Project Cockpit 234
An SSRF issue was discovered in cockpit-project.org Cockpit 234.
Attack vector: network; attack complexity: low
Vendors: cockpit-project; CWE-918
Risk: 6.5

2019-03-26 CVE-2019-3804 Missing Initialization of Resource vulnerability in multiple products
It was found that Cockpit before version 184 used glib's base64 decode functionality incorrectly, resulting in a denial of service attack.
Attack vector: network; attack complexity: low
Vendors: cockpit-project, fedoraproject, redhat; CWE-909
Risk: 7.5