CVE-2021-3660

Medium

Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via…

redhat·CWE-1021·Published 2022-03-07

CVSS

4.3

EPSS

0.01

KEV

Exploits

cve.orgen

259 chars

Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks.

NVDen

259 chars

NVDes

291 chars

Cockpit (y sus plugins) no parecen protegerse contra un ataque de clickjacking. Es posible renderizar una página de un servidor de Cockpit por medio de otro sitio web, dentro de una entrada HTML (iFrame). Esto puede ser usado por un sitio web malicioso en ataques de clickjacking o similares

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
3.1	Primary	NVD	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N