{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2023 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2021-3698","title":"Title"},{"category":"description","text":"A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2021-3698","url":"https://www.suse.com/security/cve/CVE-2021-3698"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1189894 for CVE-2021-3698","url":"https://bugzilla.suse.com/1189894"}],"title":"SUSE CVE CVE-2021-3698","tracking":{"current_release_date":"2023-10-04T02:09:43Z","generator":{"date":"2023-02-15T03:48:42Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2021-3698","initial_release_date":"2023-02-15T03:48:42Z","revision_history":[{"date":"2023-02-15T03:48:42Z","number":"2","summary":"Current version"},{"date":"2023-10-04T02:09:43Z","number":"3","summary":"Current version"}],"status":"interim","version":"3"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Micro 5.1","product":{"name":"SUSE Linux Enterprise Micro 5.1","product_id":"SUSE Linux Enterprise Micro 5.1","product_identification_helper":{"cpe":"cpe:/o:suse:suse-microos:5.1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Micro 5.2","product":{"name":"SUSE Linux Enterprise Micro 5.2","product_id":"SUSE Linux Enterprise Micro 5.2","product_identification_helper":{"cpe":"cpe:/o:suse:suse-microos:5.2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Micro 5.3","product":{"name":"SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3","product_identification_helper":{"cpe":"cpe:/o:suse:sle-micro:5.3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Micro 5.4","product":{"name":"SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4","product_identification_helper":{"cpe":"cpe:/o:suse:sle-micro:5.4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Micro 5.5","product":{"name":"SUSE Linux Enterprise Micro 5.5","product_id":"SUSE Linux Enterprise Micro 5.5","product_identification_helper":{"cpe":"cpe:/o:suse:sle-micro:5.5"}}},{"category":"product_version","name":"cockpit","product":{"name":"cockpit","product_id":"cockpit","product_identification_helper":{"cpe":"cpe:2.3:a:cockpit-project:cockpit:*:*:*:*:*:*:*:*"}}},{"category":"product_version","name":"cockpit-bridge","product":{"name":"cockpit-bridge","product_id":"cockpit-bridge"}},{"category":"product_version","name":"cockpit-dashboard","product":{"name":"cockpit-dashboard","product_id":"cockpit-dashboard"}},{"category":"product_version","name":"cockpit-networkmanager","product":{"name":"cockpit-networkmanager","product_id":"cockpit-networkmanager"}},{"category":"product_version","name":"cockpit-selinux","product":{"name":"cockpit-selinux","product_id":"cockpit-selinux"}},{"category":"product_version","name":"cockpit-storaged","product":{"name":"cockpit-storaged","product_id":"cockpit-storaged"}},{"category":"product_version","name":"cockpit-system","product":{"name":"cockpit-system","product_id":"cockpit-system"}},{"category":"product_version","name":"cockpit-ws","product":{"name":"cockpit-ws","product_id":"cockpit-ws"}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"cockpit as component of SUSE Linux Enterprise Micro 5.1","product_id":"SUSE Linux Enterprise Micro 5.1:cockpit"},"product_reference":"cockpit","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.1"},{"category":"default_component_of","full_product_name":{"name":"cockpit-bridge as component of SUSE Linux Enterprise Micro 5.1","product_id":"SUSE Linux Enterprise Micro 5.1:cockpit-bridge"},"product_reference":"cockpit-bridge","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.1"},{"category":"default_component_of","full_product_name":{"name":"cockpit-dashboard as component of SUSE Linux Enterprise Micro 5.1","product_id":"SUSE Linux Enterprise Micro 5.1:cockpit-dashboard"},"product_reference":"cockpit-dashboard","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.1"},{"category":"default_component_of","full_product_name":{"name":"cockpit-system as component of SUSE Linux Enterprise Micro 5.1","product_id":"SUSE Linux Enterprise Micro 5.1:cockpit-system"},"product_reference":"cockpit-system","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.1"},{"category":"default_component_of","full_product_name":{"name":"cockpit-ws as component of SUSE Linux Enterprise Micro 5.1","product_id":"SUSE Linux Enterprise Micro 5.1:cockpit-ws"},"product_reference":"cockpit-ws","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.1"},{"category":"default_component_of","full_product_name":{"name":"cockpit as component of SUSE Linux Enterprise Micro 5.2","product_id":"SUSE Linux Enterprise Micro 5.2:cockpit"},"product_reference":"cockpit","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"cockpit-bridge as component of SUSE Linux Enterprise Micro 5.2","product_id":"SUSE Linux Enterprise Micro 5.2:cockpit-bridge"},"product_reference":"cockpit-bridge","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"cockpit-system as component of SUSE Linux Enterprise Micro 5.2","product_id":"SUSE Linux Enterprise Micro 5.2:cockpit-system"},"product_reference":"cockpit-system","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"cockpit-ws as component of SUSE Linux Enterprise Micro 5.2","product_id":"SUSE Linux Enterprise Micro 5.2:cockpit-ws"},"product_reference":"cockpit-ws","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.2"},{"category":"default_component_of","full_product_name":{"name":"cockpit as component of SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3:cockpit"},"product_reference":"cockpit","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.3"},{"category":"default_component_of","full_product_name":{"name":"cockpit-bridge as component of SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3:cockpit-bridge"},"product_reference":"cockpit-bridge","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.3"},{"category":"default_component_of","full_product_name":{"name":"cockpit-networkmanager as component of SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3:cockpit-networkmanager"},"product_reference":"cockpit-networkmanager","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.3"},{"category":"default_component_of","full_product_name":{"name":"cockpit-selinux as component of SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3:cockpit-selinux"},"product_reference":"cockpit-selinux","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.3"},{"category":"default_component_of","full_product_name":{"name":"cockpit-storaged as component of SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3:cockpit-storaged"},"product_reference":"cockpit-storaged","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.3"},{"category":"default_component_of","full_product_name":{"name":"cockpit-system as component of SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3:cockpit-system"},"product_reference":"cockpit-system","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.3"},{"category":"default_component_of","full_product_name":{"name":"cockpit-ws as component of SUSE Linux Enterprise Micro 5.3","product_id":"SUSE Linux Enterprise Micro 5.3:cockpit-ws"},"product_reference":"cockpit-ws","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.3"},{"category":"default_component_of","full_product_name":{"name":"cockpit as component of SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4:cockpit"},"product_reference":"cockpit","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.4"},{"category":"default_component_of","full_product_name":{"name":"cockpit-bridge as component of SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4:cockpit-bridge"},"product_reference":"cockpit-bridge","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.4"},{"category":"default_component_of","full_product_name":{"name":"cockpit-networkmanager as component of SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4:cockpit-networkmanager"},"product_reference":"cockpit-networkmanager","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.4"},{"category":"default_component_of","full_product_name":{"name":"cockpit-selinux as component of SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4:cockpit-selinux"},"product_reference":"cockpit-selinux","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.4"},{"category":"default_component_of","full_product_name":{"name":"cockpit-storaged as component of SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4:cockpit-storaged"},"product_reference":"cockpit-storaged","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.4"},{"category":"default_component_of","full_product_name":{"name":"cockpit-system as component of SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4:cockpit-system"},"product_reference":"cockpit-system","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.4"},{"category":"default_component_of","full_product_name":{"name":"cockpit-ws as component of SUSE Linux Enterprise Micro 5.4","product_id":"SUSE Linux Enterprise Micro 5.4:cockpit-ws"},"product_reference":"cockpit-ws","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.4"},{"category":"default_component_of","full_product_name":{"name":"cockpit as component of SUSE Linux Enterprise Micro 5.5","product_id":"SUSE Linux Enterprise Micro 5.5:cockpit"},"product_reference":"cockpit","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.5"},{"category":"default_component_of","full_product_name":{"name":"cockpit-bridge as component of SUSE Linux Enterprise Micro 5.5","product_id":"SUSE Linux Enterprise Micro 5.5:cockpit-bridge"},"product_reference":"cockpit-bridge","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.5"},{"category":"default_component_of","full_product_name":{"name":"cockpit-networkmanager as component of SUSE Linux Enterprise Micro 5.5","product_id":"SUSE Linux Enterprise Micro 5.5:cockpit-networkmanager"},"product_reference":"cockpit-networkmanager","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.5"},{"category":"default_component_of","full_product_name":{"name":"cockpit-selinux as component of SUSE Linux Enterprise Micro 5.5","product_id":"SUSE Linux Enterprise Micro 5.5:cockpit-selinux"},"product_reference":"cockpit-selinux","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.5"},{"category":"default_component_of","full_product_name":{"name":"cockpit-storaged as component of SUSE Linux Enterprise Micro 5.5","product_id":"SUSE Linux Enterprise Micro 5.5:cockpit-storaged"},"product_reference":"cockpit-storaged","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.5"},{"category":"default_component_of","full_product_name":{"name":"cockpit-system as component of SUSE Linux Enterprise Micro 5.5","product_id":"SUSE Linux Enterprise Micro 5.5:cockpit-system"},"product_reference":"cockpit-system","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.5"},{"category":"default_component_of","full_product_name":{"name":"cockpit-ws as component of SUSE Linux Enterprise Micro 5.5","product_id":"SUSE Linux Enterprise Micro 5.5:cockpit-ws"},"product_reference":"cockpit-ws","relates_to_product_reference":"SUSE Linux Enterprise Micro 5.5"}]},"vulnerabilities":[{"cve":"CVE-2021-3698","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-3698"}],"notes":[{"category":"general","text":"A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.","title":"Vulnerability description"}],"product_status":{"known affected":["SUSE Linux Enterprise Micro 5.2:cockpit","SUSE Linux Enterprise Micro 5.2:cockpit-bridge","SUSE Linux Enterprise Micro 5.2:cockpit-system","SUSE Linux Enterprise Micro 5.2:cockpit-ws","SUSE Linux Enterprise Micro 5.3:cockpit","SUSE Linux Enterprise Micro 5.3:cockpit-bridge","SUSE Linux Enterprise Micro 5.3:cockpit-networkmanager","SUSE Linux Enterprise Micro 5.3:cockpit-selinux","SUSE Linux Enterprise Micro 5.3:cockpit-storaged","SUSE Linux Enterprise Micro 5.3:cockpit-system","SUSE Linux Enterprise Micro 5.3:cockpit-ws","SUSE Linux Enterprise Micro 5.4:cockpit","SUSE Linux Enterprise Micro 5.4:cockpit-bridge","SUSE Linux Enterprise Micro 5.4:cockpit-networkmanager","SUSE Linux Enterprise Micro 5.4:cockpit-selinux","SUSE Linux Enterprise Micro 5.4:cockpit-storaged","SUSE Linux Enterprise Micro 5.4:cockpit-system","SUSE Linux Enterprise Micro 5.4:cockpit-ws"],"known not affected":["SUSE Linux Enterprise Micro 5.1:cockpit","SUSE Linux Enterprise Micro 5.1:cockpit-bridge","SUSE Linux Enterprise Micro 5.1:cockpit-dashboard","SUSE Linux Enterprise Micro 5.1:cockpit-system","SUSE Linux Enterprise Micro 5.1:cockpit-ws","SUSE Linux Enterprise Micro 5.5:cockpit","SUSE Linux Enterprise Micro 5.5:cockpit-bridge","SUSE Linux Enterprise Micro 5.5:cockpit-networkmanager","SUSE Linux Enterprise Micro 5.5:cockpit-selinux","SUSE Linux Enterprise Micro 5.5:cockpit-storaged","SUSE Linux Enterprise Micro 5.5:cockpit-system","SUSE Linux Enterprise Micro 5.5:cockpit-ws"]},"references":[{"category":"external","summary":"CVE-2021-3698","url":"https://www.suse.com/security/cve/CVE-2021-3698"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1189894 for CVE-2021-3698","url":"https://bugzilla.suse.com/1189894"}],"threats":[{"category":"impact","date":"2021-08-27T14:00:11Z","details":"important"}],"title":"CVE-2021-3698"}]}