A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-03-28T18:31:59.249Z
Updated: 2024-09-16T18:40:58.509Z
Reserved: 2024-03-26T16:48:38.370Z
Link: CVE-2024-2947
Vulnrichment
Updated: 2024-08-01T19:32:42.293Z
NVD
Status : Awaiting Analysis
Published: 2024-03-28T19:15:48.693
Modified: 2024-09-16T19:16:09.530
Link: CVE-2024-2947
Redhat