Critical severity 9.8 · OSV Advisory · Published Nov 18, 2024 · Updated Apr 15, 2026
CVE-2024-47533
Description
Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. utils.get_shared_secret() always returns -1, which allows anyone to connect to cobbler XML-RPC as user '' password -1 and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| cobbler (PyPI) | >= 3.3.0, < 3.3.7 | 3.3.7 |
| cobbler (PyPI) | >= 3.0.0, < 3.2.3 | 3.2.3 |
Affected products (41)
- Range: v3.0.0, v3.0.1, v3.1.0, …
- ghsa-coords: 40 versions, none with a CPE

| Package URL | Affected range |
|---|---|
| pkg:pypi/cobbler | >= 3.3.0, < 3.3.7 |
| pkg:rpm/opensuse/cobbler&distro=openSUSE%20Leap%2015.5 | < 3.3.7-bp155.2.3.2 |
| pkg:rpm/opensuse/cobbler&distro=openSUSE%20Leap%2015.6 | < 3.3.7-bp156.2.6.1 |
| pkg:rpm/opensuse/cobbler&distro=openSUSE%20Tumbleweed | < 3.3.7-1.1 |
| pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%20Module%204.3 | < 3.3.3-150400.5.52.3 |
| pkg:rpm/suse/cobbler&distro=SUSE%20Package%20Hub%2015%20SP5 | < 3.3.7-bp155.2.3.2 |
| pkg:rpm/suse/cobbler&distro=SUSE%20Package%20Hub%2015%20SP6 | < 3.3.7-bp156.2.6.1 |
| pkg:rpm/suse/grafana-formula&distro=SUSE%20Manager%20Server%20Module%204.3 | < 0.11.0-150400.3.21.4 |
| pkg:rpm/suse/inter-server-sync&distro=SUSE%20Manager%20Server%20Module%204.3 | < 0.3.5-150400.3.36.13 |
| pkg:rpm/suse/mgr-daemon&distro=SUSE%20Manager%20Proxy%20Module%204.3 | < 4.3.11-150400.3.21.6 |
| pkg:rpm/suse/release-notes-susemanager&distro=SUSE%20Manager%20Server%204.3 | < 4.3.14-150400.3.122.1 |
| pkg:rpm/suse/release-notes-susemanager-proxy&distro=SUSE%20Manager%20Proxy%204.3 | < 4.3.14-150400.3.90.1 |
| pkg:rpm/suse/saltboot-formula&distro=SUSE%20Manager%20Server%20Module%204.3 | < 0.1.1723628891.ffb1da5-150400.3.18.4 |
| pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Proxy%20Module%204.3 | < 4.3.29-150400.3.42.8 |
| pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%20Module%204.3 | < 4.3.29-150400.3.42.8 |
| pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Proxy%20Module%204.3 | < 4.3.30-150400.3.47.16 |
| pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%20Module%204.3 | < 4.3.30-150400.3.47.16 |
| pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Proxy%20Module%204.3 | < 4.3.26-150400.3.36.7 |
| pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Server%20Module%204.3 | < 4.3.26-150400.3.36.7 |
| pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Proxy%20Module%204.3 | < 4.3.21-150400.3.33.11 |
| pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Server%20Module%204.3 | < 4.3.21-150400.3.33.11 |
| pkg:rpm/suse/spacewalk-config&distro=SUSE%20Manager%20Server%20Module%204.3 | < 4.3.14-150400.3.18.6 |
| pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.3 | < 4.3.82-150400.3.96.1 |
| pkg:rpm/suse/spacewalk-proxy&distro=SUSE%20Manager%20Proxy%20Module%204.3 | < 4.3.19-150400.3.29.9 |
| pkg:rpm/suse/spacewalk-utils&distro=SUSE%20Manager%20Server%20Module%204.3 | < 4.3.22-150400.3.29.2 |
| pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Proxy%20Module%204.3 | < 4.3.42-150400.3.52.1 |
| pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.3 | < 4.3.42-150400.3.52.1 |
| pkg:rpm/suse/susemanager-build-keys&distro=SUSE%20Manager%20Proxy%20Module%204.3 | < 15.4.10-150400.3.29.4 |
| pkg:rpm/suse/susemanager-build-keys&distro=SUSE%20Manager%20Server%20Module%204.3 | < 15.4.10-150400.3.29.4 |
| pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%20Module%204.3 | < 4.3.39-150400.3.58.5 |
| pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%20Module%204.3 | < 4.3.14-150400.9.66.2 |
| pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%20Module%204.3 | < 4.3.27-150400.3.45.11 |
| pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%20Module%204.3 | < 4.3.45-150400.3.55.4 |
| pkg:rpm/suse/susemanager-sync-data&distro=SUSE%20Manager%20Server%20Module%204.3 | < 4.3.21-150400.3.35.2 |
| pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Proxy%20Module%204.3 | < 4.3.11-150400.3.21.6 |
| pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Server%20Module%204.3 | < 4.3.11-150400.3.21.6 |
| pkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%2015 | < 4.3.14-150000.1.27.4 |
| pkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205 | < 4.3.14-150000.1.27.4 |
| pkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Proxy%20Module%204.3 | < 4.3.14-150000.1.27.4 |
| pkg:rpm/suse/uyuni-reportdb-schema&distro=SUSE%20Manager%20Server%20Module%204.3 | < 4.3.11-150400.3.18.12 |
References (5)
- github.com/advisories/GHSA-m26c-fcgh-cp6h (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-47533 (ghsa, ADVISORY)
- github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0 (nvd, WEB)
- github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda (nvd, WEB)
- github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h (nvd, WEB)