VDB
CVE-2021-3698
CVE-2021-3698
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.
EPSS 0.11% · 29.6th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.11%
29.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | enterprise_linux | 8.0 |
| cockpit-project | cockpit | 0 |
| n/a | cockpit | * |
Timeline
- Mar 8, 2022 CVE Published
- Mar 9, 2022 EPSS Score
- Apr 29, 2022 EPSS Score
- Jun 20, 2022 EPSS Score
- Aug 11, 2022 EPSS Score
- Oct 2, 2022 EPSS Score
- Nov 22, 2022 EPSS Score
- Jan 13, 2023 EPSS Score
- Mar 5, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 26, 2023 EPSS Score
- Jun 16, 2023 EPSS Score