DEBIAN-CVE-2021-3660

Source
https://security-tracker.debian.org/tracker/CVE-2021-3660
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-3660.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2021-3660
Upstream
Published
2022-03-10T17:42:55Z
Modified
2025-09-30T05:15:11.673177Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
[none]
Details

Cockpit (and its plugins) does not seem to protect itself against clickjacking. It is possible to render a page from a Cockpit server via another website, inside an <iframe> HTML element. A malicious website may use this in clickjacking or similar attacks.

References

Affected packages

Debian:11 / cockpit

Package

Name
cockpit
Purl
pkg:deb/debian/cockpit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

Other

239-1
243-1
243-2
244-1
248-1
249-1
250-1
251-1~bpo10+1
251-1
251-2
252-1
254-1~bpo10+1
254-1
255-1
256-1~bpo11+1
256-1
257-1~bpo11+1
257-1
258-1
259-1~bpo11+1
259-1
259-2
260-1~bpo11+1
260-1
261-1~bpo11+1
261-1
262-1
263-1
264-1
265-1~bpo11+1
265-1
266-1~bpo11+1
266-1
267-1
269-1
271-1~bpo11+1
271-1
272-1~bpo11+1
272-1
273-1~bpo11+1
273-1
274-1
276-1
277-1
278-1
279-1~bpo11+1
279-1
280-1
282-1~bpo11+1
282-1
283-1~bpo11+1
283-1
284-1~bpo11+1
284-1
285-1~bpo11+1
285-1
286-1~bpo11+1
286-1
287-1~bpo11+1
287-1
289-1
290-1
291-1
292-1
293-1
294-1
295-1
296-1
297-1~bpo12+1
297-1
298-1
299-1~bpo12+1
299-1
300-1
301-1~bpo12+1
301-1
302-1
303-1~bpo12+1
303-1
304-1
305-1~bpo12+1
305-1
306-1~bpo12+1
306-1
307-1~bpo12+1
307-1
308-1~bpo12+1
308-1
309-1~bpo12+1
309-1
310-1
311-1~bpo12+1
311-1
312-1
313-1
314-1
316-1
317-1
317-2
317-3
317-4
317-5
318-1
318-2
318-3
318-4~bpo12+1
318-4
319-1~bpo12+1
319-1
320-1~bpo12+1
320-1
321-1
322-1~bpo12+1
322-1
323-1~bpo12+1
323-1
324-1~bpo12+1
324-1
325-1~bpo12+1
325-1
326-1
327-1~bpo12+1
327-1
328-1
329-1~bpo12+1
329-1
330-1
330-2
330-3
330-4
331-1~bpo12+1
331-1
332-1
333-1~bpo12+1
333-1
334-1
335-1
335-2~bpo12+1
335-2
336-1
337-1~bpo12+1
337-1
338-1
339-1
340-1
342-1
343-1
345-1~bpo13+1
345-1
346-1~bpo13+1
346-1

276.*

276.1-1~bpo11+1
276.1-1

288.*

288.1-1

294.*

294.1-1

300.*

300.1-1~bpo12+1
300.1-1

310.*

310.1-1~bpo12+1
310.1-1

341.*

341.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / cockpit

Package

Name
cockpit
Purl
pkg:deb/debian/cockpit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
254-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / cockpit

Package

Name
cockpit
Purl
pkg:deb/debian/cockpit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
254-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / cockpit

Package

Name
cockpit
Purl
pkg:deb/debian/cockpit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
254-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}