CVE-2024-2947

Public on

Last Modified: UTC

ModerateModerate ImpactWhat does this mean?
DescriptionStatementMitigationAdditional informationAffected PackagesCVSS Score DetailsWeakness (CWE)AcknowledgementsFAQ

Description

A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.

A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.

Statement

The Cockpit package, as shipped in Red Hat Enterprise Linux 7, 8.2, 8.4, and 8.6, is not affected by this vulnerability because the vulnerable code was introduced in a newer version of Cockpit.

The Cockpit package, as shipped in Red Hat Enterprise Linux 7, 8.2, 8.4, and 8.6, is not affected by this vulnerability because the vulnerable code was introduced in a newer version of Cockpit.

Mitigation

Do not remove SOS reports with strange names from the Cockpit web interface.

Additional information

  • Bugzilla 2271614: cockpit: command injection when deleting a sosreport with a crafted name
  • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • FAQ: Frequently asked questions about CVE-2024-2947

Common Vulnerability Scoring System (CVSS) Score Details

Important note

CVSS scores for open source components depend on vendor-specific factors (e.g. version or build chain). Therefore, Red Hat's score and impact rating can be different from NVD and other vendors. Red Hat remains the authoritative CVE Naming Authority (CNA) source for its products and services (see Red Hat classifications).

CVSS v3 Score Breakdown
Red HatNVD

CVSS v3 Base Score

7.3

N/A

Attack Vector

Local

N/A

Attack Complexity

Low

N/A

Privileges Required

Low

N/A

User Interaction

Required

N/A

Scope

Unchanged

N/A

Confidentiality Impact

High

N/A

Integrity Impact

High

N/A

Availability Impact

High

N/A

CVSS v3 Vector

Red Hat: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Understanding the Weakness (CWE)

CWE-77

Integrity,Confidentiality,Availability

Technical Impact: Execute Unauthorized Code or Commands

If a malicious user injects a character (such as a semi-colon) that delimits the end of one command and the beginning of another, it may be possible to then insert an entirely new and unrelated command that was not intended to be executed. This gives an attacker a privilege or capability that they would not otherwise have.

Acknowledgements

Red Hat would like to thank xcuter (NAVER Cloud Security Analysis) for reporting this issue.

Frequently Asked Questions

Why is Red Hat's CVSS v3 score or Impact different from other vendors?

My product is listed as "Under investigation" or "Affected", when will Red Hat release a fix for this vulnerability?

What can I do if my product is listed as "Will not fix"?

What can I do if my product is listed as "Fix deferred"?

What is a mitigation?

I have a Red Hat product but it is not in the above list, is it affected?

Why is my security scanner reporting my product as vulnerable to this vulnerability even though my product version is fixed or not affected?

Want to get errata notifications? Sign up here.