CVE-2024-2947

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-2947
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2947.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-2947
Published
2024-03-28T19:15:48Z
Modified
2024-09-18T03:26:13.291827Z
Summary
[none]
Details

A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.

Affected packages

Debian:12 / cockpit

Package

Name
cockpit
Purl
pkg:deb/debian/cockpit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
287.1-0+deb12u1

Affected versions

Other

287-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / cockpit

Package

Name
cockpit
Purl
pkg:deb/debian/cockpit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
314-1

Affected versions

Other

287-1
289-1
290-1
291-1
292-1
293-1
294-1
295-1
296-1
297-1~bpo12+1
297-1
298-1
299-1~bpo12+1
299-1
300-1
301-1~bpo12+1
301-1
302-1
303-1~bpo12+1
303-1
304-1
305-1~bpo12+1
305-1
306-1~bpo12+1
306-1
307-1~bpo12+1
307-1
308-1~bpo12+1
308-1
309-1~bpo12+1
309-1
310-1
311-1~bpo12+1
311-1
312-1
313-1

288.*

288.1-1

294.*

294.1-1

300.*

300.1-1~bpo12+1
300.1-1

310.*

310.1-1~bpo12+1
310.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}