CVE-2021-3698
HIGH
Cockpit < 260 - Improper Certificate Validation via SSSD
Title source: llmDescription
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.
References (1)
Core 1
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1992149
Scores
CVSS v3
7.5
EPSS
0.0011
EPSS Percentile
29.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-295
Status
published
Products (2)
cockpit-project/cockpit
< 260
redhat/enterprise_linux
8.0
Published
Mar 10, 2022
Tracked Since
Feb 18, 2026