{"id":"CVE-2024-2947","details":"A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.","modified":"2026-04-10T05:11:52.231473Z","published":"2024-03-28T19:15:48Z","related":["ALSA-2024:3667","ALSA-2024:3843"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:3667"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:3843"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2271614"},{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2024-2947"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KNG7GXOZI6QH3OIQJYAYDB3CRRGH37Q5/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N3Q5SDIFACAY4VHACN5MMCMT3A53A3FB/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PIQY2HGDJW2JY27ALTS4GEVZZJJ4XQ36/"}],"schema_version":"1.7.5"}