CVSS3: 7.3 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
AI Score: 6.2 Medium (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 10.3%)
Debian Security Advisory DSA-5655-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
April 04, 2024 https://www.debian.org/security/faq
Package : cockpit
CVE ID : CVE-2024-2947
It was discovered that Cockpit, a web console for Linux servers, was
susceptible to arbitrary command execution if an administrative user
was tricked into opening an sosreport file with a malformed filename.
For the stable distribution (bookworm), this problem has been fixed in
version 287.1-0+deb12u1.
We recommend that you upgrade your cockpit packages.
For the detailed security status of cockpit please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cockpit
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | cockpit-tests | < 287.1-0+deb12u1 | cockpit-tests_287.1-0+deb12u1_all.deb |
Debian | 12 | all | cockpit-ws | < 287.1-0+deb12u1 | cockpit-ws_287.1-0+deb12u1_all.deb |
Debian | 12 | all | cockpit-storaged | < 287.1-0+deb12u1 | cockpit-storaged_287.1-0+deb12u1_all.deb |
Debian | 12 | all | cockpit | < 287.1-0+deb12u1 | cockpit_287.1-0+deb12u1_all.deb |
Debian | 12 | all | cockpit-system | < 287.1-0+deb12u1 | cockpit-system_287.1-0+deb12u1_all.deb |
Debian | 12 | all | cockpit-pcp | < 287.1-0+deb12u1 | cockpit-pcp_287.1-0+deb12u1_all.deb |
Debian | 12 | all | cockpit-bridge | < 287.1-0+deb12u1 | cockpit-bridge_287.1-0+deb12u1_all.deb |
Debian | 12 | all | cockpit-networkmanager | < 287.1-0+deb12u1 | cockpit-networkmanager_287.1-0+deb12u1_all.deb |
Debian | 12 | all | cockpit-doc | < 287.1-0+deb12u1 | cockpit-doc_287.1-0+deb12u1_all.deb |
Debian | 12 | all | cockpit-packagekit | < 287.1-0+deb12u1 | cockpit-packagekit_287.1-0+deb12u1_all.deb |