CVE-2024-6126
published 2024-07-03

Priority: P49 | Severity: low | Score: 3.2 (CVSS 3.1)
Vector: AV:L / AC:L / PR:L / UI:R / S:C / C:N / I:N / A:L
EPSS: 0.27% (17.9th percentile)
A flaw was found in the cockpit package. When pam_env's user_readenv option is enabled, this flaw allows an authenticated user to kill any process, which leads to a denial of service (DoS) attack.

Affected

4 ranges
Vendor | Product | Version range | Fixed in
agentejo | cockpit | >= 0 < 287.1-0+deb12u3 | 287.1-0+deb12u3
agentejo | cockpit | >= 0 < 320-1 | 320-1
agentejo | cockpit | >= 0 < 320-1 | 320-1
debian | cockpit | < cockpit 287.1-0+deb12u3 (bookworm) | cockpit 287.1-0+deb12u3 (bookworm)

CVSS provenance

nvd: v3.1, 3.2 LOW, CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
osv: 3.2 LOW
vendor_debian: 3.2 LOW
vendor_redhat: 3.2 LOW