Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged
Permalink CVE-2024-6126
3.2 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 9 months, 2 weeks ago
Cockpit: authenticated user can kill any process when enabling pam_env's user_readenv option

A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.

References

Affected products

cockpit
  • *

Matching in nixpkgs

pkgs.cockpit

Web-based graphical interface for servers

  • nixos-unstable 338
    • nixpkgs-unstable 338
    • nixos-unstable-small 338

Package maintainers