Red Hat Security Advisory: cockpit security update
A command injection vulnerability (CVE-2024-2947) exists in the Cockpit web-based server administration tool used in Red Hat Enterprise Linux 9. The flaw occurs when deleting a sosreport with a crafted name, allowing potential command injection. Red Hat has issued a security update addressing this moderate severity vulnerability. The update is available for multiple Red Hat Enterprise Linux 9 variants and architectures. No known exploits are reported in the wild at this time.
AI Analysis
Technical Summary
CVE-2024-2947 is a command injection vulnerability in the Cockpit tool, which enables web-based administration of GNU/Linux servers. The vulnerability arises specifically when deleting a sosreport that has a specially crafted name, potentially allowing an attacker to execute arbitrary commands. Red Hat has released an official security update (RHSA-2024:3843) for Red Hat Enterprise Linux 9 to fix this issue. The vulnerability is categorized under CWE-77 (Improper Neutralization of Special Elements used in a Command).
Potential Impact
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected system with the privileges of the Cockpit service. This could lead to unauthorized system control or disruption of server management functions. However, no known exploits are currently reported in the wild.
Mitigation Recommendations
An official security update from Red Hat is available and should be applied to affected systems. The update addresses the command injection vulnerability in Cockpit when deleting sosreports with crafted names. Refer to Red Hat advisory RHSA-2024:3843 and the update instructions at https://access.redhat.com/articles/11258 for detailed remediation steps. Applying this update mitigates the vulnerability.
Red Hat Security Advisory: cockpit security update
Description
A command injection vulnerability (CVE-2024-2947) exists in the Cockpit web-based server administration tool used in Red Hat Enterprise Linux 9. The flaw occurs when deleting a sosreport with a crafted name, allowing potential command injection. Red Hat has issued a security update addressing this moderate severity vulnerability. The update is available for multiple Red Hat Enterprise Linux 9 variants and architectures. No known exploits are reported in the wild at this time.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-2947 is a command injection vulnerability in the Cockpit tool, which enables web-based administration of GNU/Linux servers. The vulnerability arises specifically when deleting a sosreport that has a specially crafted name, potentially allowing an attacker to execute arbitrary commands. Red Hat has released an official security update (RHSA-2024:3843) for Red Hat Enterprise Linux 9 to fix this issue. The vulnerability is categorized under CWE-77 (Improper Neutralization of Special Elements used in a Command).
Potential Impact
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected system with the privileges of the Cockpit service. This could lead to unauthorized system control or disruption of server management functions. However, no known exploits are currently reported in the wild.
Mitigation Recommendations
An official security update from Red Hat is available and should be applied to affected systems. The update addresses the command injection vulnerability in Cockpit when deleting sosreports with crafted names. Refer to Red Hat advisory RHSA-2024:3843 and the update instructions at https://access.redhat.com/articles/11258 for detailed remediation steps. Applying this update mitigates the vulnerability.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:3843
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a1f4ea2e29bf47b500889ac
Added to database: 6/2/2026, 9:44:02 PM
Last enriched: 6/2/2026, 10:29:32 PM
Last updated: 6/3/2026, 4:59:13 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.