CVE-2024-6126
Cockpit: authenticated user can kill any process when enabling pam_env's user_readenv option
Vexday Risk Score
8Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 3.2EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
03 jul 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L