Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:2566

Опубликовано: 10 мая 2024
Источник: rocky
Оценка: Important

Описание

Important: pcp security, bug fix, and enhancement update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems.

Security Fix(es):

  • pcp: exposure of the redis server backend allows remote command execution via pmproxy (CVE-2024-3019)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
pcpx86_642.el9_4pcp-6.2.0-2.el9_4.x86_64.rpm
pcp-confx86_642.el9_4pcp-conf-6.2.0-2.el9_4.x86_64.rpm
pcp-develx86_642.el9_4pcp-devel-6.2.0-2.el9_4.x86_64.rpm
pcp-docnoarch2.el9_4pcp-doc-6.2.0-2.el9_4.noarch.rpm
pcp-export-pcp2elasticsearchx86_642.el9_4pcp-export-pcp2elasticsearch-6.2.0-2.el9_4.x86_64.rpm
pcp-export-pcp2graphitex86_642.el9_4pcp-export-pcp2graphite-6.2.0-2.el9_4.x86_64.rpm
pcp-export-pcp2influxdbx86_642.el9_4pcp-export-pcp2influxdb-6.2.0-2.el9_4.x86_64.rpm
pcp-export-pcp2jsonx86_642.el9_4pcp-export-pcp2json-6.2.0-2.el9_4.x86_64.rpm
pcp-export-pcp2sparkx86_642.el9_4pcp-export-pcp2spark-6.2.0-2.el9_4.x86_64.rpm
pcp-export-pcp2xmlx86_642.el9_4pcp-export-pcp2xml-6.2.0-2.el9_4.x86_64.rpm

Показывать по

Связанные CVE

CVE-2024-3019

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2024-3019

CVSS3: 8.8
ubuntu
около 1 года назад

A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.

redhat логотип

CVE-2024-3019

CVSS3: 8.8
redhat
больше 1 года назад

A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.

nvd логотип

CVE-2024-3019

CVSS3: 8.8
nvd
около 1 года назад

A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.

debian логотип

CVE-2024-3019

CVSS3: 8.8
debian
около 1 года назад

A flaw was found in PCP. The default pmproxy configuration exposes the ...

rocky логотип

RLSA-2024:3264

rocky
около 1 года назад

Important: pcp security update