INFSA-2024:3667: Cockpit security update
Information about definition
Identificator: INFSA-2024:3667
Type: security
Release date: 2024-08-23 19:33:20 UTC
Information about package
Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more.
Vulnerabilities description
- CVE-2024-2947
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-2947
|
no information | 7.3 | no information |
Updated packages