{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3019", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-03-27T17:41:16.708Z", "datePublished": "2024-03-28T18:32:43.298Z", "dateUpdated": "2024-09-16T19:04:48.424Z"}, "containers": {"cna": {"title": "Pcp: exposure of the redis server backend allows remote command execution via pmproxy", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pcp", "defaultStatus": "affected", "versions": [{"version": "0:5.3.7-20.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pcp", "defaultStatus": "affected", "versions": [{"version": "0:5.0.2-8.el8_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pcp", "defaultStatus": "affected", "versions": [{"version": "0:5.2.5-7.el8_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pcp", "defaultStatus": "affected", "versions": [{"version": "0:5.2.5-7.el8_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pcp", "defaultStatus": "affected", "versions": [{"version": "0:5.2.5-7.el8_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pcp", "defaultStatus": "affected", "versions": [{"version": "0:5.3.5-9.el8_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pcp", "defaultStatus": "affected", "versions": [{"version": "0:5.3.7-18.el8_8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pcp", "defaultStatus": "affected", "versions": [{"version": "0:6.2.0-2.el9_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pcp", "defaultStatus": "affected", "versions": [{"version": "0:5.3.5-9.el9_0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.0::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pcp", "defaultStatus": "affected", "versions": [{"version": "0:6.0.1-6.el9_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pcp", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pcp", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2566", "name": "RHSA-2024:2566", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3264", "name": "RHSA-2024:3264", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3321", "name": "RHSA-2024:3321", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3322", "name": "RHSA-2024:3322", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3323", "name": "RHSA-2024:3323", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3324", "name": "RHSA-2024:3324", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3325", "name": "RHSA-2024:3325", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3392", "name": "RHSA-2024:3392", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3019", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271898", "name": "RHBZ#2271898", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-03-27T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-668", "description": "Exposure of Resource to Wrong Sphere", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-668: Exposure of Resource to Wrong Sphere", "workarounds": [{"lang": "en", "value": "To mitigate this flaw, stop and disable the pmproxy.service or disable the Redis server backend via the pmproxy configuration file.\n\nTo stop and disable the pmproxy.service, run the following command:\n~~~\n# systemctl disable --now pmproxy.service\n~~~\n\nTo disable the Redis backend server via the pmproxy configuration file:\n~~~\n# sed -i 's/redis.enabled = true/redis.enabled = false/g' /etc/pcp/pmproxy/pmproxy.conf\n# systemctl restart pmproxy.service\n~~~"}], "timeline": [{"lang": "en", "time": "2024-03-27T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-03-27T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Jihwan Yoon (NAVER Cloud Security Analysis) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-16T19:04:48.424Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3019", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-25T19:20:31.653267Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:32:49.182Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.516Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2566", "name": "RHSA-2024:2566", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3264", "name": "RHSA-2024:3264", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3321", "name": "RHSA-2024:3321", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3322", "name": "RHSA-2024:3322", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3323", "name": "RHSA-2024:3323", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3324", "name": "RHSA-2024:3324", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3325", "name": "RHSA-2024:3325", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3392", "name": "RHSA-2024:3392", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3019", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271898", "name": "RHBZ#2271898", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2566", "name": "RHSA-2024:2566", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3264", "name": "RHSA-2024:3264", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3321", "name": "RHSA-2024:3321", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3322", "name": "RHSA-2024:3322", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3323", "name": "RHSA-2024:3323", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3324", "name": "RHSA-2024:3324", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3325", "name": "RHSA-2024:3325", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3392", "name": "RHSA-2024:3392", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3019", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271898", "name": "RHBZ#2271898", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.516Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3019", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-25T19:20:31.653267Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-25T19:20:39.413Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Pcp: exposure of the redis server backend allows remote command execution via pmproxy", "credits": [{"lang": "en", "value": "Red Hat would like to thank Jihwan Yoon (NAVER Cloud Security Analysis) for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:5.3.7-20.el8_10", "lessThan": "*", "versionType": "rpm"}], "packageName": "pcp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_aus:8.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "versions": [{"status": "unaffected", "version": "0:5.0.2-8.el8_2", "lessThan": "*", "versionType": "rpm"}], "packageName": "pcp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "0:5.2.5-7.el8_4", "lessThan": "*", "versionType": "rpm"}], "packageName": "pcp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "0:5.2.5-7.el8_4", "lessThan": "*", "versionType": "rpm"}], "packageName": "pcp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:5.2.5-7.el8_4", "lessThan": "*", "versionType": "rpm"}], "packageName": "pcp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:5.3.5-9.el8_6", "lessThan": "*", "versionType": "rpm"}], "packageName": "pcp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:5.3.7-18.el8_8", "lessThan": "*", "versionType": "rpm"}], "packageName": "pcp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:6.2.0-2.el9_4", "lessThan": "*", "versionType": "rpm"}], "packageName": "pcp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.0::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:5.3.5-9.el9_0", "lessThan": "*", "versionType": "rpm"}], "packageName": "pcp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:6.0.1-6.el9_2", "lessThan": "*", "versionType": "rpm"}], "packageName": "pcp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "pcp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "pcp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-03-27T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-03-27T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-03-27T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2566", "name": "RHSA-2024:2566", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3264", "name": "RHSA-2024:3264", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3321", "name": "RHSA-2024:3321", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3322", "name": "RHSA-2024:3322", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3323", "name": "RHSA-2024:3323", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3324", "name": "RHSA-2024:3324", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3325", "name": "RHSA-2024:3325", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3392", "name": "RHSA-2024:3392", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3019", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271898", "name": "RHBZ#2271898", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "To mitigate this flaw, stop and disable the pmproxy.service or disable the Redis server backend via the pmproxy configuration file.\n\nTo stop and disable the pmproxy.service, run the following command:\n~~~\n# systemctl disable --now pmproxy.service\n~~~\n\nTo disable the Redis backend server via the pmproxy configuration file:\n~~~\n# sed -i 's/redis.enabled = true/redis.enabled = false/g' /etc/pcp/pmproxy/pmproxy.conf\n# systemctl restart pmproxy.service\n~~~"}], "descriptions": [{"lang": "en", "value": "A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-668", "description": "Exposure of Resource to Wrong Sphere"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-16T19:04:48.424Z"}, "x_redhatCweChain": "CWE-668: Exposure of Resource to Wrong Sphere"}}, "cveMetadata": {"cveId": "CVE-2024-3019", "state": "PUBLISHED", "dateUpdated": "2024-09-16T19:04:48.424Z", "dateReserved": "2024-03-27T17:41:16.708Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-03-28T18:32:43.298Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en PCP. La configuraci\u00f3n predeterminada de pmproxy expone el backend del servidor Redis a la red local, lo que permite la ejecuci\u00f3n remota de comandos con los privilegios del usuario de Redis. Este problema s\u00f3lo puede explotarse cuando pmproxy se est\u00e1 ejecutando. De forma predeterminada, pmproxy no se ejecuta y debe iniciarse manualmente. El servicio pmproxy normalmente se inicia desde la p\u00e1gina 'Configuraci\u00f3n de m\u00e9tricas' de la interfaz web de Cockpit. Esta falla afecta a las versiones de PCP 4.3.4 y posteriores."}], "id": "CVE-2024-3019", "lastModified": "2024-05-28T19:15:11.323", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-03-28T19:15:49.160", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2566"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3264"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3321"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3322"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3323"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3324"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3325"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3392"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-3019"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271898"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Jihwan Yoon (NAVER Cloud Security Analysis) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2024:3264", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "pcp-0:5.3.7-20.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:3392", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "pcp-0:5.0.2-8.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-05-28T00:00:00Z"}, {"advisory": "RHSA-2024:3323", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "pcp-0:5.2.5-7.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:3323", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "pcp-0:5.2.5-7.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:3323", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "pcp-0:5.2.5-7.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:3324", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "pcp-0:5.3.5-9.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:3322", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "pcp-0:5.3.7-18.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:2566", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "pcp-0:6.2.0-2.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:3325", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "pcp-0:5.3.5-9.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:3321", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "pcp-0:6.0.1-6.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-05-23T00:00:00Z"}], "bugzilla": {"description": "pcp: exposure of the redis server backend allows remote command execution via pmproxy", "id": "2271898", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271898"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-668", "details": ["A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.", "A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer."], "mitigation": {"lang": "en:us", "value": "To mitigate this flaw, stop and disable the pmproxy.service or disable the Redis server backend via the pmproxy configuration file.\nTo stop and disable the pmproxy.service, run the following command:\n~~~\n# systemctl disable --now pmproxy.service\n~~~\nTo disable the Redis backend server via the pmproxy configuration file:\n~~~\n# sed -i 's/redis.enabled = true/redis.enabled = false/g' /etc/pcp/pmproxy/pmproxy.conf\n# systemctl restart pmproxy.service\n~~~"}, "name": "CVE-2024-3019", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "pcp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "pcp", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-03-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-3019\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3019"], "statement": "As this flaw allows a attacker from the local network to execute arbitrary code and it requires the pmproxy service to be running, which is not the default, it has been rated with an important severity.\nPCP, as shipped in Red Hat Enterprise Linux 6 and 7, is not affected by this vulnerability because the Redis server backend is not enabled and exposed via pmproxy. Additionally, RHEL9 is not exploitable if the redis:7 module is installed instead of the default Redis version 6.", "threat_severity": "Important"}