CVE-2024-2947

A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
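A defensive pattern for this class of bug, shown as an added example that is not Cockpit's code or its fix: a client-supplied report name is checked against an allowlist and then passed to the delete command as a single argv element, so no shell ever parses it. The naming pattern, the function names and the temporary directory are assumptions made for the illustration.

```javascript
// Added example (not Cockpit code). Naming policy and directory are assumptions.
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");
const { execFileSync } = require("node:child_process");

// Assumed allowlist: sos archive names, optionally GPG-encrypted.
const REPORT_NAME = /^sosreport-[A-Za-z0-9._-]+\.tar\.(?:xz|gz)(?:\.gpg)?$/;

// Validate a client-supplied name and map it to a path inside baseDir.
function resolveReport(baseDir, name) {
  if (typeof name !== "string" || !REPORT_NAME.test(name)) {
    throw new Error("rejected report name");
  }
  const full = path.join(fs.realpathSync(baseDir), name);
  // lstat does not follow symlinks, so a link planted in baseDir is refused.
  if (!fs.lstatSync(full).isFile()) throw new Error("not a regular file");
  return full;
}

// Delete via an argv array: no shell parses the name, and "--" stops
// rm from treating a leading "-" as an option.
function deleteReport(baseDir, name) {
  const full = resolveReport(baseDir, name);
  execFileSync("rm", ["-f", "--", full]);
  return full;
}

// Constructed sample: one legitimate report plus names that must be refused.
function selfCheck() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "sos-demo-"));
  const good = "sosreport-host1-2024-04-01-abcdefg.tar.xz";
  fs.writeFileSync(path.join(dir, good), "constructed sample data");
  const refused = ["../" + good, good + "; true", "sosreport-$(true).tar.xz", "-rf"]
    .filter((n) => { try { deleteReport(dir, n); return false; } catch { return true; } });
  deleteReport(dir, good);
  const remaining = fs.readdirSync(dir);
  fs.rmSync(dir, { recursive: true });
  return { refusedCount: refused.length, remaining };
}
```

Validation and argv passing are independent layers: even if the allowlist were loosened, the name would still reach rm as one literal argument.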

Credits

Red Hat would like to thank xcuter (NAVER Cloud Security Analysis) for reporting this issue.

References