CVE-2021-3698
Last modified
CVE-2021-3698 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. EPSS estimates a 0.65% chance of exploitation in the next 30 days.
Description
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cockpit-Project | Cockpit | < 260 |
| Redhat | Enterprise Linux | 8.0 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1992149Issue Tracking, Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1992149Issue Tracking, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-3698?
How severe is CVE-2021-3698?
How do I fix CVE-2021-3698?
Are you affected by CVE-2021-3698?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST