Cockpit Package Vulnerability Leads to Denial of Service Attack

CVE-2024-6126

3.2LOW

Key Information

Vendor: Red Hat
Status: Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 3 July 2024

Summary

A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Risk change from: null to: 3.2 - (LOW)
Jul 3, 2024
Vulnerability published.
Jul 3, 2024
Vulnerability Reserved.
Jun 18, 2024
Reported to Red Hat.
Jun 18, 2024

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Paolo Perego (OpenSUSE) for reporting this issue.

.