CVE-2024-2947
Cockpit: command injection when deleting a sosreport with a crafted name
Severity Score
7.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
Se encontró una falla en Cockpit. Eliminar un informe sos con un nombre modificado a través de la interfaz web de Cockpit puede generar una vulnerabilidad de inyección de comandos, lo que resulta en una escalada de privilegios. Este problema afecta a las versiones 270 y posteriores de Cockpit.
It was discovered that Cockpit, a web console for Linux servers, was susceptible to arbitrary command execution if an administrative user was tricked into opening an sosreport file with a malformed filename.
*Credits:
Red Hat would like to thank xcuter (NAVER Cloud Security Analysis) for reporting this issue.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-03-26 CVE Reserved
- 2024-03-28 CVE Published
- 2025-06-26 CVE Updated
- 2025-07-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (7)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:3667 | 2024-06-12 | |
| https://access.redhat.com/errata/RHSA-2024:3843 | 2024-06-12 | |
| https://access.redhat.com/security/cve/CVE-2024-2947 | 2024-06-11 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2271614 | 2024-06-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Exadata Dbserver Search vendor "Oracle" for product "Exadata Dbserver" | * | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
| Alma Search vendor "Alma" | Linux Search vendor "Alma" for product "Linux" | * | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | * | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | * | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
| Rocky Search vendor "Rocky" | Linux Search vendor "Rocky" for product "Linux" | * | - |
Affected
| ||||||