A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0146 advisory.

    Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities:

    CVE-2021-3660:
    Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a     page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a     malicious website in clickjacking or similar attacks.

    CVE-2021-3698:
    A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification     performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to     authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the     certificate status. The highest threat from this vulnerability is to confidentiality.

Tenable has extracted the preceding description block directly from the Alibaba Cloud Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification     performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to     authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the     certificate status. The highest threat from this vulnerability is to confidentiality. (CVE-2021-3698)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:2008 advisory.

  - A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification     performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to     authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the     certificate status. The highest threat from this vulnerability is to confidentiality. (CVE-2021-3698)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-2008 advisory.

    - Certificate login validation (rhbz#1992620, CVE-2021-3698)
    - Restrict frame embedding to same origin (rhbz#1984902, CVE-2021-3660)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:2008 advisory.

  - Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a     page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a     malicious website in clickjacking or similar attacks. (CVE-2021-3660)

  - A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification     performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to     authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the     certificate status. The highest threat from this vulnerability is to confidentiality. (CVE-2021-3698)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:2008 advisory.

    Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network     configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line     sessions, and more.

    The following packages have been upgraded to a later upstream version: cockpit (264.1). (BZ#1984902,     BZ#1992620, BZ#2004041, BZ#2008208)

    Security Fix(es):

    * cockpit: authenticates with revoked certificates (CVE-2021-3698)

    * cockpit: pages vulnerable to clickjacking (CVE-2021-3660)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:2008 advisory.

  - cockpit: pages vulnerable to clickjacking (CVE-2021-3660)

  - cockpit: authenticates with revoked certificates (CVE-2021-3698)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
236960	Alibaba Cloud Linux 3 : 0146: cockpit (ALINUX3-SA-2023:0146)	Nessus	Alibaba Cloud Linux Local Security Checks	high
223953	Linux Distros Unpatched Vulnerability : CVE-2021-3698	Nessus	Misc.	high
161349	Rocky Linux 8 : cockpit (RLSA-2022:2008)	Nessus	Rocky Linux Local Security Checks	high
161308	Oracle Linux 8 : cockpit (ELSA-2022-2008)	Nessus	Oracle Linux Local Security Checks	high
161135	AlmaLinux 8 : cockpit (ALSA-2022:2008)	Nessus	Alma Linux Local Security Checks	high
161011	RHEL 8 : cockpit (RHSA-2022:2008)	Nessus	Red Hat Local Security Checks	high
160895	CentOS 8 : cockpit (CESA-2022:2008)	Nessus	CentOS Local Security Checks	high

Detections

Analytics

CVE-2021-3698

high

Tenable Plugins

high

high

high

high

high

high

high