CVE-2019-3804

Sažetak

It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.

Reference

https://github.com/cockpit-project/cockpit/pull/10819
https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3804
https://access.redhat.com/errata/RHSA-2019:1569
https://access.redhat.com/errata/RHSA-2019:1571

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

07-11-2022 - 19:03

Objavljeno

26-03-2019 - 18:29