A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.
References
Configurations
No configuration.
History
21 Nov 2024, 09:28
Type | Values Removed | Values Added |
---|---|---|
References | () https://access.redhat.com/errata/RHSA-2024:2566 - | |
References | () https://access.redhat.com/errata/RHSA-2024:3264 - | |
References | () https://access.redhat.com/errata/RHSA-2024:3321 - | |
References | () https://access.redhat.com/errata/RHSA-2024:3322 - | |
References | () https://access.redhat.com/errata/RHSA-2024:3323 - | |
References | () https://access.redhat.com/errata/RHSA-2024:3324 - | |
References | () https://access.redhat.com/errata/RHSA-2024:3325 - | |
References | () https://access.redhat.com/errata/RHSA-2024:3392 - | |
References | () https://access.redhat.com/security/cve/CVE-2024-3019 - | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2271898 - |
28 May 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 May 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 May 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Apr 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
28 Mar 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-28 19:15
Updated : 2024-11-21 09:28
NVD link : CVE-2024-3019
Mitre link : CVE-2024-3019
CVE.ORG link : CVE-2024-3019
JSON object : View
Products Affected
No product.
CWE
CWE-668
Exposure of Resource to Wrong Sphere