CVE-2019-3804

moderate-risk

Published 2019-03-26

It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.

Do I need to act?

4.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (3)

Cockpit

Fedora

Virtualization

Affected Vendors

Redhat Fedoraproject Cockpit-Project

References (10)

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1569

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1571

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3804

Patch https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12

Third Party Advisory https://github.com/cockpit-project/cockpit/pull/10819

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1569

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1571

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3804

Patch https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12

Third Party Advisory https://github.com/cockpit-project/cockpit/pull/10819

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 8/34 · Low

Exposure 9/34 · Low