A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1992149 | Issue Tracking Third Party Advisory |
Information
Published : 2022-03-10 09:42
Updated : 2022-03-14 16:59
NVD link : CVE-2021-3698
Mitre link : CVE-2021-3698
JSON object : View
CWE
CWE-295
Improper Certificate Validation
Products Affected
cockpit-project
- cockpit
redhat
- enterprise_linux