Description
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.
Report
Red Hat Enterprise Linux (RHEL) ships binary packages built from the cockpit source RPM, which was affected by this flaw and subsequently updated to address the issue. All OpenShift Container Platform (OCP) versions to date ship with an image that contains a cockpit-kubernetes RPM, built separately from the same cockpit SRPM. The cockpit-kubernetes RPM is not affected by this vulnerability as it does not contain the affected code, thus OCP is also marked "not affected". Updates for all other cockpit RPMs should be applied from the appropriate RHEL channels.
Affected packages
| Platform | Package | Status | Advisory | Release date |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | cockpit | Not affected | | |
| Red Hat OpenShift Container Platform 3.10 | cockpit | Not affected | | |
| Red Hat OpenShift Container Platform 3.11 | cockpit | Not affected | | |
| Red Hat OpenShift Container Platform 3.4 | cockpit | Not affected | | |
| Red Hat OpenShift Container Platform 3.5 | cockpit | Not affected | | |
| Red Hat OpenShift Container Platform 3.6 | cockpit | Not affected | | |
| Red Hat OpenShift Container Platform 3.7 | cockpit | Not affected | | |
| Red Hat OpenShift Container Platform 3.9 | cockpit | Not affected | | |
| Red Hat Enterprise Linux 7 | cockpit | Fixed | RHSA-2019:0482 | 13.03.2019 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | redhat-release-virtualization-host | Fixed | RHSA-2019:1569 | 20.06.2019 |
Additional information
Status:
7.5 High
CVSS3