Software Detail

Software Informaton Top

System Management Tool

Software Detail

Cockpit

Number Of NVD

CRITICAL

HIGH

MEDIUM

LOW

URL	https://cockpit-project.org/
Explanation	It is a tool to manage Linux with a web interface like Webmin. Cockpit aims to be intuitive and easy to use without having to read help files. The goal seems to be to have a default installation with no more than minimal installation.
Tag	LGPL 2.1+

Add Information URL

No	Type	Name	URL

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date
1	Cockpit	360	April 18, 2026
2		0.63
3		0.62
4		0.61
5		0.60
6		0.6
7		0.59
8		0.58
9		0.57
10		0.56
11		0.55
12		0.54
13		0.53
14		0.52
15		0.51
16		0.50
17		0.5
18		0.49
19		0.48
20		0.47
21		0.46
22		0.45
23		0.44
24		0.43
25		0.42
26		0.41
27		0.40
28		0.4
29		0.39
30		0.38
31		0.37
32		0.36
33		0.35
34		0.34
35		0.33
36		0.32
37		0.31
38		0.30
39		0.3
40		0.29
41		0.28
42		0.27
43		0.26
44		0.25
45		0.24
46		0.23
47		0.22
48		0.21
49		0.20
50		0.2
51		0.19
52		0.18
53		0.17
54		0.16
55		0.15
56		0.14
57		0.13
58		0.12
59		0.117
60		0.116
61		0.115
62		0.114
63		0.113
64		0.112
65		0.111
66		0.110
67		0.11
68		0.109
69		0.108
70		0.107
71		0.106
72		0.105
73		0.104
74		0.103
75		0.102
76		0.101
77		0.100
78		0.10
79		0.0.1
80		255.1
81		251.3
82		251.2
83		251.1
84		244.1
85		238.2
86		238.1
87		184.1
88		173.2
89		173.1
90		1.2.0
91		1.1.0
92		1.0.0
93		0.99
94		0.98
95		0.97
96		0.96
97		0.95
98		0.94
99		0.93
100		0.92
101		0.91
102		0.90
103		0.9
104		0.89
105		0.88
106		0.87
107		0.86
108		0.85
109		0.84
110		0.83
111		0.82
112		0.81
113		0.80
114		0.8
115		0.79
116		0.78
117		0.77
118		0.76
119		0.75
120		0.74
121		0.73
122		0.72
123		0.71
124		0.70
125		0.7
126		0.69
127		0.68
128		0.67
129		0.66
130		0.65
131		0.64

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	less than	Update date Published date	Show Affected	Exploit PoC Search
1	7.5 5.0	HIGH Network	A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates t…	CWE-295 Improper Certificate Validation	CVE-2021-3698	cpe:2.3:a:cockpit-project:cockpit::	260	2024-11-21 15:22 2022-03-11	Show	GitHub Exploit DB Packet Storm

2	4.3 4.3	MEDIUM Network	Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be use…	-	CVE-2021-3660	cpe:2.3:a:cockpit-project:cockpit::	254	2024-11-21 15:22 2022-03-11	Show	GitHub Exploit DB Packet Storm

3	6.5 4.0	MEDIUM Network	An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't think [it] is a big real-life issue.	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2020-35850	cpe:2.3:a:cockpit-project:cockpit:234:*		2024-11-21 14:28 2020-12-30	Show	GitHub Exploit DB Packet Storm

4	7.5 5.0	HIGH Network	It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted re…	CWE-909 Missing Initialization of Resource	CVE-2019-3804	cpe:2.3:a:cockpit-project:cockpit::	184	2024-11-21 13:42 2019-03-27	Show	GitHub Exploit DB Packet Storm