CVE-2024-3019: 
Rocky Linux vulnerability analysis and mitigation

A vulnerability was discovered in Performance Co-Pilot (PCP) affecting versions 4.3.4 and newer, identified as CVE-2024-3019. The flaw exists in the default pmproxy configuration which exposes the Redis server backend to the local network, enabling remote command execution with Redis user privileges. This vulnerability is only exploitable when pmproxy is running, which by default is not active and requires manual activation, typically through the 'Metrics settings' page of the Cockpit web interface (NVD, Red Hat Bugzilla).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The technical root cause involves the pmproxy configuration that incorrectly exposes the Redis server backend to the local network. The issue has been classified under CWE-668 (Exposure of Resource to Wrong Sphere) (NVD).

When exploited, this vulnerability allows an attacker to execute remote commands with the privileges of the Redis user through the exposed Redis server backend. The high CVSS score indicates severe potential impacts on confidentiality, integrity, and availability of the affected system (NVD).

The vulnerability has been patched in multiple Red Hat Enterprise Linux versions through various security advisories. An upstream fix has been implemented through commit 3bde240a2acc85e63e2f7813330713dd9b59386e. Users are advised to apply the appropriate security updates for their specific version of RHEL (Red Hat Bugzilla).