Unrated severityNVD Advisory· Published Mar 8, 2022· Updated Aug 3, 2024
CVE-2021-3698
CVE-2021-3698
Description
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- Cockpit/Cockpitdescription
- osv-coords5 versionspkg:rpm/almalinux/cockpitpkg:rpm/almalinux/cockpit-bridgepkg:rpm/almalinux/cockpit-docpkg:rpm/almalinux/cockpit-systempkg:rpm/almalinux/cockpit-ws
< 264.1-1.el8+ 4 more
- (no CPE)range: < 264.1-1.el8
- (no CPE)range: < 264.1-1.el8
- (no CPE)range: < 264.1-1.el8
- (no CPE)range: < 264.1-1.el8
- (no CPE)range: < 264.1-1.el8
Patches
Vulnerability mechanics
References
1- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
News mentions
0No linked articles in our index yet.