Unrated severity · NVD Advisory · Published Feb 17, 2020 · Updated Aug 4, 2024
CVE-2020-1693
Description
A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server.
Affected products
56 entries. osv-coords (54 versions):
- pkg:rpm/suse/branch-network-formula&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 0.1.1580471316.1839544-3.10.2
- pkg:rpm/suse/image-sync-formula&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 0.1.1579102150.4716559-3.11.2
- pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Proxy%20Module%204.0 (no CPE), range: < 4.0.11-3.9.2
- pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 4.0.11-3.9.2
- pkg:rpm/suse/patterns-suse-manager&distro=SUSE%20Manager%20Proxy%20Module%204.0 (no CPE), range: < 4.0-9.10.2
- pkg:rpm/suse/patterns-suse-manager&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 4.0-9.10.2
- pkg:rpm/suse/prometheus-formula&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 0.1-4.7.2
- pkg:rpm/suse/pxe-default-image-sle15&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 4.0.1-20200305173027
- pkg:rpm/suse/pxe-formula&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 0.1.1580384994.6076a7e-3.11.2
- pkg:rpm/suse/py26-compat-salt&distro=SUSE%20Manager%20Server%203.2 (no CPE), range: < 2016.11.10-6.35.1
- pkg:rpm/suse/py26-compat-salt&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 2016.11.10-10.11.2
- pkg:rpm/suse/python-susemanager-retail&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 1.0.1580471316.1839544-3.13.2
- pkg:rpm/suse/redstone-xmlrpc&distro=SUSE%20Manager%20Server%203.2 (no CPE), range: < 1.1_20071120-0.11.3.1
- pkg:rpm/suse/redstone-xmlrpc&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 1.1_20071120-0.11.3.2
- pkg:rpm/suse/salt-netapi-client&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 0.17.0-4.3.2
- pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Proxy%20Module%204.0 (no CPE), range: < 4.0.18-3.13.2
- pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%203.2 (no CPE), range: < 2.8.25.14-3.32.1
- pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 4.0.18-3.13.2
- pkg:rpm/suse/spacewalk-admin&distro=SUSE%20Manager%20Server%203.2 (no CPE), range: < 2.8.4.6-3.12.1
- pkg:rpm/suse/spacewalk-admin&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 4.0.9-3.6.2
- pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Proxy%20Module%204.0 (no CPE), range: < 4.0.30-3.23.3
- pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%203.2 (no CPE), range: < 2.8.57.22-3.48.1
- pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 4.0.30-3.23.3
- pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Proxy%20Module%204.0 (no CPE), range: < 4.0.15-3.15.2
- pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Server%203.2 (no CPE), range: < 2.8.8.14-3.23.1
- pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 4.0.15-3.15.2
- pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Proxy%20Module%204.0 (no CPE), range: < 4.0.12-3.13.2
- pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Server%203.2 (no CPE), range: < 2.8.22.7-3.12.1
- pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 4.0.12-3.13.2
- pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%203.2 (no CPE), range: < 2.8.78.28-3.47.1
- pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 4.0.31-3.23.1
- pkg:rpm/suse/spacewalk-search&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 4.0.9-3.11.2
- pkg:rpm/suse/spacewalk-setup&distro=SUSE%20Manager%20Server%203.2 (no CPE), range: < 2.8.7.10-3.25.1
- pkg:rpm/suse/spacewalk-setup&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 4.0.13-3.11.1
- pkg:rpm/suse/spacewalk-utils&distro=SUSE%20Manager%20Server%203.2 (no CPE), range: < 2.8.18.6-3.12.1
- pkg:rpm/suse/spacewalk-utils&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 4.0.16-3.15.2
- pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Proxy%20Module%204.0 (no CPE), range: < 4.0.19-3.18.3
- pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%203.2 (no CPE), range: < 2.8.7.23-3.45.1
- pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 4.0.19-3.18.3
- pkg:rpm/suse/subscription-matcher&distro=SUSE%20Manager%20Server%203.2 (no CPE), range: < 0.25-4.15.1
- pkg:rpm/suse/subscription-matcher&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 0.25-3.3.2
- pkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Proxy%20Module%204.0 (no CPE), range: < 4.0.3-3.3.2
- pkg:rpm/suse/supportutils-plugin-susemanager-proxy&distro=SUSE%20Manager%20Proxy%20Module%204.0 (no CPE), range: < 4.0.3-3.3.2
- pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%203.2 (no CPE), range: < 3.2.23-3.40.2
- pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 4.0.22-3.20.3
- pkg:rpm/suse/susemanager-doc-indexes&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 4.0-10.18.2
- pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 4.0-10.18.2
- pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 4.0.18-3.17.2
- pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%203.2 (no CPE), range: < 3.2.30-3.44.1
- pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 4.0.24-3.17.2
- pkg:rpm/suse/susemanager-sync-data&distro=SUSE%20Manager%20Server%203.2 (no CPE), range: < 3.2.19-3.35.1
- pkg:rpm/suse/susemanager-sync-data&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 4.0.16-3.15.2
- pkg:rpm/suse/system-lock-formula&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 0.2-4.5.1
- pkg:rpm/suse/virtualization-host-formula&distro=SUSE%20Manager%20Server%20Module%204.0 (no CPE), range: < 0.2-4.3.2
References
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_CONFIRM)
- github.com/spacewalkproject/spacewalk/commit/74e28ec61d916c42061ef4347121650a1c962b0c (mitre, x_refsource_MISC)
- zeroauth.ltd/blog/2020/02/18/proof-of-concept-exploit-for-cve-2020-1693-spacewalk/ (mitre, x_refsource_MISC)