QwikSec

Security Database

CVE

CWE

Training

CVE-2021-3660

Published: Mar 7, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks.

Vendor	Product	Versions
n/a	cockpit	affected `Fixed in cockpit v254 and later.`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1980688

x_refsource_MISC

https://github.com/cockpit-project/cockpit/issues/16122

x_refsource_MISC

https://github.com/cockpit-project/cockpit/commit/8d9bc10d8128aae03dfde62fd00075fe492ead10

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.