Denial of Service Vulnerability in Cockpit Web Service by Red Hat
CVE-2019-3804

7.5HIGH

Key Information:

Vendor: [unknown]
Status: Cockpit
Vendor: CVE Published:; 26 March 2019

What is CVE-2019-3804?

A vulnerability in Cockpit prior to version 184 allows unauthenticated attackers to exploit the incorrect usage of glib's base64 decode functionality. By sending a specially crafted request with an invalid base64-encoded cookie, attackers can cause the web service to crash, resulting in a denial of service. This issue highlights the importance of input validation and the need for diligent monitoring of web service functionality.

Affected Version(s)

cockpit 184

References

https://access.redhat.com/errata/RHSA-2019:1569

vendor-advisory

https://access.redhat.com/errata/RHSA-2019:1571

vendor-advisory

https://github.com/cockpit-project/cockpit/pull/10819

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2019
Vulnerability Reserved
Jan 3, 2019

[unknown]

What is CVE-2019-3804?

Affected Version(s)

References

CVSS V3.1

Timeline