Msrc Cm1 Cockpit 248-3 On Cbl Mariner 1.0 vulnerabilities

CVE-2021-3698 [HIGH] CWE-295 A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully regardless of the Certificate Revocation Li

CVE-2021-3660 [MEDIUM] CWE-1021 Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website inside an <iFrame> HTML entry. This may be used Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks. FAQ: Is Azure Li