Cockpit is vulnerable to a denial-of-service (DoS) attack. The vulnerability exists because Cockpit uses GLib's base64 decode functionality incorrectly. An unauthenticated attacker could crash the service by sending a specially crafted request with an invalid base64-encoded cookie.
access.redhat.com/errata/RHSA-2019:0482
access.redhat.com/errata/RHSA-2019:1569
access.redhat.com/errata/RHSA-2019:1571
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3804
github.com/cockpit-project/cockpit/commit/c51f6177576d7e12
github.com/cockpit-project/cockpit/pull/10819