CVE-2021-3660 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-3660 Interim 1 8 2025-02-17T00:59:38Z current 2021-08-01T00:44:59Z 2025-02-17T00:59:38Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-3660 Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 SUSE Linux Enterprise Micro 5.1 cockpit cockpit-264.1-1.el8 cockpit-bridge cockpit-bridge-264.1-1.el8 cockpit-dashboard cockpit-doc-264.1-1.el8 cockpit-system cockpit-system-264.1-1.el8 cockpit-ws cockpit-ws-264.1-1.el8 cockpit-264.1-1.el8 as a component of SUSE Liberty Linux 8 cockpit-bridge-264.1-1.el8 as a component of SUSE Liberty Linux 8 cockpit-doc-264.1-1.el8 as a component of SUSE Liberty Linux 8 cockpit-system-264.1-1.el8 as a component of SUSE Liberty Linux 8 cockpit-ws-264.1-1.el8 as a component of SUSE Liberty Linux 8 cockpit as a component of SUSE Linux Enterprise Micro 5.1 cockpit-bridge as a component of SUSE Linux Enterprise Micro 5.1 cockpit-dashboard as a component of SUSE Linux Enterprise Micro 5.1 cockpit-system as a component of SUSE Linux Enterprise Micro 5.1 cockpit-ws as a component of SUSE Linux Enterprise Micro 5.1 Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks. CVE-2021-3660 SUSE Liberty Linux 8:cockpit-264.1-1.el8 SUSE Liberty Linux 8:cockpit-bridge-264.1-1.el8 SUSE Liberty Linux 8:cockpit-doc-264.1-1.el8 SUSE Liberty Linux 8:cockpit-system-264.1-1.el8 SUSE Liberty Linux 8:cockpit-ws-264.1-1.el8 SUSE Linux Enterprise Micro 5.1:cockpit SUSE Linux Enterprise Micro 5.1:cockpit-bridge SUSE Linux Enterprise Micro 5.1:cockpit-dashboard SUSE Linux Enterprise Micro 5.1:cockpit-system SUSE Linux Enterprise Micro 5.1:cockpit-ws moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N