3.2
CVE-2024-6126
- EPSS 0.02%
- Published 03.07.2024 15:15:06
- Last modified 21.11.2024 09:49:01
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/cockpit-project/cockpit
≫
Package
cockpit
Default Statusaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 9
Default Statusaffected
Version <
*
Version
0:323.1-1.el9_5
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 9
Default Statusaffected
Version <
*
Version
0:323.1-1.el9_5
Status
unaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 10
Default Statusunaffected
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 7
Default Statusunknown
VendorRed Hat
≫
Product
Red Hat Enterprise Linux 8
Default Statusaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.035 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secalert@redhat.com | 3.2 | 1.5 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.