CVE-2024-6126

Опубликовано: 03 июл. 2024

Источник: debian

EPSS Низкий

Описание

A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
cockpit	fixed	320-1		package
cockpit	fixed	287.1-0+deb12u3	bookworm	package
cockpit	ignored		bullseye	package

Примечания

Fixed by: https://github.com/cockpit-project/cockpit/commit/08965365ac311f906a520cbf65427742d5f84ba4 (320)
https://bugzilla.redhat.com/show_bug.cgi?id=2292897
https://bugzilla.redhat.com/show_bug.cgi?id=2290859

EPSS

Процентиль: 4%

0.00022

Низкий

Связанные уязвимости

CVE-2024-6126

CVSS3: 3.2

ubuntu

около 1 года назад

A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.

CVE-2024-6126

CVSS3: 3.2

redhat

около 1 года назад

A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.

CVE-2024-6126

CVSS3: 3.2

nvd

около 1 года назад

A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.

openSUSE-SU-2024:0206-1

suse-cvrf

около 1 года назад

Security update for cockpit

GHSA-g6h4-j28x-38g5

CVSS3: 3.2

github

около 1 года назад

A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.

EPSS

Процентиль: 4%

0.00022

Низкий