PT-2024-2657 · Cockpit+5

Guilherme De Almeida Suckevicz · Published 2024-03-26 · Updated 2025-07-24 · CVE-2024-2947

CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cockpit versions 270 and newer

Description: A flaw was found in Cockpit, where deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue allows an attacker to execute arbitrary commands.

Recommendations: For Cockpit versions 270 and newer, consider disabling the sosreport deletion feature via the Cockpit web interface until a patch is available. Restrict access to the Cockpit web interface to minimize the risk of exploitation. Avoid using crafted names when deleting sosreports to prevent command injection.

Fix

Weakness Enumeration

Command Injection

Related Identifiers

ALSA-2024:3667
ALSA-2024:3843
BDU:2024-02724
CESA-2024_3667
CVE-2024-2947
DSA-5655-1
DSA-5655-2
INFSA-2024_3667
INFSA-2024_3843
RHSA-2024:3667
RHSA-2024:3843
RHSA-2024_3667
RHSA-2024_3843
RLSA-2024:3667

Affected Products

Almalinux
Centos
Cockpit
Red Hat
Red Os
Rocky Linux