High severityNVD Advisory· Published Feb 20, 2022· Updated Aug 4, 2024
CVE-2021-45083
CVE-2021-45083
Description
An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cobblerPyPI | < 3.3.1 | 3.3.1 |
Affected products
10- ghsa-coords9 versionspkg:pypi/cobblerpkg:rpm/suse/cobbler&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/cobbler&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-CLIENT-TOOLSpkg:rpm/suse/cobbler&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-CLIENT-TOOLSpkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/cobbler&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/cobbler&distro=SUSE%20OpenStack%20Cloud%209
< 3.3.1+ 8 more
- (no CPE)range: < 3.3.1
- (no CPE)range: < 2.6.6-49.35.1
- (no CPE)range: < 2.2.2-0.68.15.1
- (no CPE)range: < 2.2.2-0.68.15.1
- (no CPE)range: < 2.6.6-49.35.1
- (no CPE)range: < 3.0.0+git20190806.32c4bae0-8.22.9.1
- (no CPE)range: < 3.1.2-150300.5.14.1
- (no CPE)range: < 2.6.6-49.35.1
- (no CPE)range: < 2.6.6-49.35.1
Patches
Vulnerability mechanics
References
15- github.com/advisories/GHSA-5946-mpw5-pqxxghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2021-45083ghsaADVISORY
- bugzilla.suse.com/show_bug.cgighsax_refsource_MISCWEB
- github.com/cobbler/cobbler/commit/10b2112db83fedfc391e900edfedc2b4e507d3f7ghsaWEB
- github.com/cobbler/cobbler/pull/2945ghsaWEB
- github.com/cobbler/cobbler/releasesghsax_refsource_MISCWEB
- github.com/cobbler/cobbler/releases/tag/v3.3.1ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2022-38.yamlghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIWghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLARghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBEghsaWEB
- www.openwall.com/lists/oss-security/2022/02/18/3ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.