CVE-2024-2947

🗓️ 28 Mar 2024 18:31:59Reported by redhatType

Cockpit command injection vulnerability in sosreport deletion

Reporter	Title	Published	Views	Family All 55
Tenable Nessus	Alibaba Cloud Linux 3 : 0126: cockpit (ALINUX3-SA-2024:0126)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : cockpit (ALSA-2024:3667)	6 Jun 202400:00	–	nessus
Tenable Nessus	AlmaLinux 9 : cockpit (ALSA-2024:3843)	14 Jun 202400:00	–	nessus
Tenable Nessus	Debian dsa-5655 : cockpit - security update	18 Apr 202400:00	–	nessus
Tenable Nessus	Fedora 38 : cockpit (2024-31e83b461d)	18 Apr 202400:00	–	nessus
Tenable Nessus	Fedora 40 : cockpit (2024-4e95f130fc)	29 Apr 202400:00	–	nessus
Tenable Nessus	Fedora 39 : cockpit (2024-6065341780)	30 Mar 202400:00	–	nessus
Tenable Nessus	MiracleLinux 9 : cockpit-311.2-1.el9_4.ML.1 (AXSA:2024-8451:13)	20 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 8 : cockpit-310.4-1.el8_10.ML.1 (AXSA:2024-8473:14)	20 Jan 202600:00	–	nessus
Tenable Nessus	Oracle Linux 8 : cockpit (ELSA-2024-3667)	6 Jun 202400:00	–	nessus

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "270",
        "lessThan": "*",
        "versionType": "semver"
      }
    ],
    "packageName": "cockpit",
    "collectionURL": "https://github.com/cockpit-project/cockpit/",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "cockpit",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:310.4-1.el8_10",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "cockpit",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:311.2-1.el9_4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream",
      "cpe:/o:redhat:enterprise_linux:9::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "cockpit",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:311.2-1.el9_4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream",
      "cpe:/o:redhat:enterprise_linux:9::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "cockpit",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "cockpit",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2024:3843
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/CVE-2024-2947
access	www.access.redhat.com/errata/RHSA-2024:3667
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/PIQY2HGDJW2JY27ALTS4GEVZZJJ4XQ36/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/KNG7GXOZI6QH3OIQJYAYDB3CRRGH37Q5/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/N3Q5SDIFACAY4VHACN5MMCMT3A53A3FB/

15 Apr 2026 00:35Current

7.2High risk

Vulners AI Score7.2

CVSS 3.17.3

EPSS0.00031

SSVC

CWE-77