{"id":"CVE-2021-3660","details":"Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an \u003ciFrame\u003e HTML entry. This may be used by a malicious website in clickjacking or similar attacks.","modified":"2026-05-15T12:04:11.157416390Z","published":"2022-03-10T17:42:55.647Z","related":["ALSA-2022:2008"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"8.0"}],"vendor_product":"redhat:enterprise_linux","source":"CPE_FIELD"}]},"references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980688"},{"type":"FIX","url":"https://github.com/cockpit-project/cockpit/commit/8d9bc10d8128aae03dfde62fd00075fe492ead10"},{"type":"FIX","url":"https://github.com/cockpit-project/cockpit/issues/16122"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}