CVE-2019-3804 vulnerability in Cockpit Project and Other Products
Published on March 26, 2019

It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly, resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie, which could cause the web service to crash.

Weakness Type

Missing Initialization of Resource

The software does not initialize a critical resource. Many resources require initialization before they can be properly used. If a resource is not initialized, it could contain unpredictable or expired data, or it could be initialized to defaults that are invalid. This can have security implications when the resource is expected to have certain properties or values.

Affected Versions

[UNKNOWN] cockpit Version 184 is affected by CVE-2019-3804

Exploit Probability

EPSS: 4.47%
Percentile: 88.86%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.