Cockpit-project - Cockpit CVE

Filtered by vendor Cockpit-project Subscribe

Filtered by product Cockpit

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-3804	3 Cockpit-project, Fedoraproject, Redhat	3 Cockpit, Fedora, Virtualization	2021-10-29	5.0 MEDIUM	7.5 HIGH
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.

Vulnerabilities (CVE)