Описание
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
Отчет
The Cockpit package, as shipped in Red Hat Enterprise Linux 7, 8.2, 8.4, and 8.6, is not affected by this vulnerability because the vulnerable code was introduced in a newer version of Cockpit.
Меры по смягчению последствий
Do not remove SOS reports with strange names from the Cockpit web interface.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | cockpit | Not affected | ||
| Red Hat Enterprise Linux 8 | cockpit | Fixed | RHSA-2024:3667 | 06.06.2024 |
| Red Hat Enterprise Linux 9 | cockpit | Fixed | RHSA-2024:3843 | 11.06.2024 |
| Red Hat Enterprise Linux 9 | cockpit | Fixed | RHSA-2024:3843 | 11.06.2024 |
Показывать по
Дополнительная информация
Статус:
7.3 High
CVSS3
Связанные уязвимости
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
A flaw was found in Cockpit. Deleting a sosreport with a crafted name ...
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
7.3 High
CVSS3