CVE-2024-6126 โ€” Uncontrolled Resource Consumption in Cockpit

CWE-400 โ€” Uncontrolled Resource Consumption6 documents6 sources
Severity
3.2LOWNVD
EPSS
0.0%
top 94.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Agentejo Cockpit
Timeline
PublishedJul 3

Description

A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:LExploitability: 1.5 | Impact: 1.4

Affected Packages1 packages

โ–ถDebianagentejo/cockpit< 287.1-0+deb12u3+2

๐Ÿ”ดVulnerability Details

3
OSV
CVE-2024-6126: A flaw was found in the cockpit packageโ†—2024-07-03
โ–ถ
GHSA
GHSA-g6h4-j28x-38g5: A flaw was found in the cockpit packageโ†—2024-07-03
โ–ถ
CVEList
Cockpit: authenticated user can kill any process when enabling pam_env's user_readenv optionโ†—2024-07-03
โ–ถ

๐Ÿ“‹Vendor Advisories

2
Red Hat
cockpit: Authenticated user can kill any process when enabling pam_env's user_readenv optionโ†—2024-07-03
โ–ถ
Debian
CVE-2024-6126: cockpit - A flaw was found in the cockpit package. This flaw allows an authenticated user ...โ†—2024
โ–ถ
CVE-2024-6126 โ€” Uncontrolled Resource Consumption | cvebase