GCVE - cpe:2.3:a:n/a:cockpit:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:cockpit:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Cockpit (`eaca5a5c-8c68-5e3e-9eef-467c5b8db53a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-7053`	vulnerable	2026-06-08 07:43:17.936464	Cockpit save cross site scripting LOW (3.5) A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.11.4 is able to address this issue. The patch is named bdcd5e3bc651c0839c7eea807f3eb6af856dbc76. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and acted very professional. A patch and new release was made available very quickly. Published: 2025-07-04T02:02:05.755Z Updated: 2025-07-08T14:09:42.473Z Open on db.gcve.eu Reference links https://vuldb.com/?id.314819 https://vuldb.com/?ctiid.314819 https://vuldb.com/?submit.605594 https://github.com/Cockpit-HQ/Cockpit/commit/bdcd5e3bc651c0839c7eea807f3eb6af856dbc76 https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.11.4	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-3698`	vulnerable	2026-06-08 05:33:53.446651	Details available A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality. Published: 2022-03-08T14:07:49.000Z Updated: 2024-08-03T17:01:07.967Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=1992149	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-3660`	vulnerable	2026-06-08 05:33:53.334385	Details available Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks. Published: 2022-03-07T13:59:18.000Z Updated: 2024-08-03T17:01:08.335Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=1980688 https://github.com/cockpit-project/cockpit/issues/16122 https://github.com/cockpit-project/cockpit/commit/8d9bc10d8128aae03dfde62fd00075fe492ead10	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.