High severity 7.3 · NVD Advisory · Published Mar 28, 2024 · Updated Apr 15, 2026
CVE-2024-2947
Description
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
Patches
No patches discovered yet.
References
- access.redhat.com/errata/RHSA-2024:3667 (nvd)
- access.redhat.com/errata/RHSA-2024:3843 (nvd)
- access.redhat.com/security/cve/CVE-2024-2947 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KNG7GXOZI6QH3OIQJYAYDB3CRRGH37Q5/ (nvd)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N3Q5SDIFACAY4VHACN5MMCMT3A53A3FB/ (nvd)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PIQY2HGDJW2JY27ALTS4GEVZZJJ4XQ36/ (nvd)