CVE-2024-2947

Summary

A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.

Affected Software

VendorProductVersion RangeStatus
270 < *affected
Red HatRed Hat Enterprise Linux 80:310.4-1.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 90:311.2-1.el9_4 < *unaffected
Red HatRed Hat Enterprise Linux 90:311.2-1.el9_4 < *unaffected

Weaknesses

  • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Workarounds

Do not remove SOS reports with strange names from the Cockpit web interface.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References