Unrated severity · NVD Advisory · Published Mar 7, 2022 · Updated Aug 3, 2024
CVE-2021-3660
Description
Cockpit (and its plugins) do not seem to protect themselves against clickjacking. It is possible to render a page from a Cockpit server via another website, inside an <iframe> HTML entry. This may be used by a malicious website in clickjacking or similar attacks.
Affected products (7)
- Cockpit/Cockpit (description)
- osv-coords (5 versions): pkg:rpm/almalinux/cockpit, pkg:rpm/almalinux/cockpit-bridge, pkg:rpm/almalinux/cockpit-doc, pkg:rpm/almalinux/cockpit-system, pkg:rpm/almalinux/cockpit-ws; range: < 264.1-1.el8
- (no CPE) range: < 264.1-1.el8
- (no CPE) range: < 264.1-1.el8
- (no CPE) range: < 264.1-1.el8
- (no CPE) range: < 264.1-1.el8
- (no CPE) range: < 264.1-1.el8
References (3)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_MISC)
- github.com/cockpit-project/cockpit/commit/8d9bc10d8128aae03dfde62fd00075fe492ead10 (mitre, x_refsource_MISC)
- github.com/cockpit-project/cockpit/issues/16122 (mitre, x_refsource_MISC)