VDB

CVE-2021-3698

CVE-2021-3698 PUBLISHED CVSS 7.5 HIGH

A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.

EPSS 0.11% · 29.6th percentile

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.11%
29.6th percentile

Affected Products

VendorProductVersions
redhatenterprise_linux8.0
cockpit-projectcockpit0
n/acockpit*

Timeline

  • Mar 8, 2022 CVE Published
  • Mar 9, 2022 EPSS Score
  • Apr 29, 2022 EPSS Score
  • Jun 20, 2022 EPSS Score
  • Aug 11, 2022 EPSS Score
  • Oct 2, 2022 EPSS Score
  • Nov 22, 2022 EPSS Score
  • Jan 13, 2023 EPSS Score
  • Mar 5, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 26, 2023 EPSS Score
  • Jun 16, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›