CVE-2019-3804

It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://access.redhat.com/errata/RHSA-2019:1569	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1571	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3804	Issue Tracking Patch Third Party Advisory
https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12	Patch Third Party Advisory
https://github.com/cockpit-project/cockpit/pull/10819	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cockpit-project:cockpit:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-03-26 18:29

Updated : 2024-02-28 17:08

NVD link : CVE-2019-3804

Mitre link : CVE-2019-3804

CVE.ORG link : CVE-2019-3804

JSON object : View

Products Affected

redhat

virtualization

cockpit-project

cockpit

fedoraproject

fedora

CWE

CWE-909

Missing Initialization of Resource

{"id": "CVE-2019-3804", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-03-26T18:29:00.543", "references": [{"url": "https://access.redhat.com/errata/RHSA-2019:1569", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1571", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3804", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/cockpit-project/cockpit/pull/10819", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-909"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-909"}]}], "descriptions": [{"lang": "en", "value": "It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash."}, {"lang": "es", "value": "Se ha detectado que cockpit, en versiones anteriores a la 184, empleaba incorrectamente la funcionalidad de descodificaci\u00f3n de base64 de glib, lo que resultaba en un ataque de denegaci\u00f3n de servicio (DoS). Un atacante no autenticado podr\u00eda enviar una petici\u00f3n especialmente manipulada con una cookie no v\u00e1lida codificada en base64, lo que podr\u00eda provocar el cierre inesperado del servicio web."}], "lastModified": "2022-11-07T19:03:02.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cockpit-project:cockpit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2CEED97-8131-48FF-A4FC-3A13FFC37788", "versionEndExcluding": "184"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3FEADDA-2AEE-4F65-9401-971B585664A8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}