rpm package
suse/cobbler&distro=SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS
pkg:rpm/suse/cobbler&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-CLIENT-TOOLS
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-45083 | Hig | 7.1 | < 2.2.2-0.68.15.1 | 2.2.2-0.68.15.1 | Feb 20, 2022 | An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of | |
| CVE-2020-25592 | Cri | 9.8 | < 2.2.2-0.68.12.1 | 2.2.2-0.68.12.1 | Nov 6, 2020 | In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH. | |
| CVE-2020-17490 | Med | 5.5 | < 2.2.2-0.68.12.1 | 2.2.2-0.68.12.1 | Nov 6, 2020 | The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. | |
| CVE-2020-16846 | Cri | 9.8 | KEV | < 2.2.2-0.68.12.1 | 2.2.2-0.68.12.1 | Nov 6, 2020 | An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. |
| CVE-2018-10931 | Cri | 9.8 | < 2.2.2-0.68.6.1 | 2.2.2-0.68.6.1 | Aug 9, 2018 | It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon. | |
| CVE-2017-1000469 | Cri | 9.8 | < 2.2.2-0.68.3.1 | 2.2.2-0.68.3.1 | Jan 3, 2018 | Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user. |
- affected < 2.2.2-0.68.15.1fixed 2.2.2-0.68.15.1
An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of
- affected < 2.2.2-0.68.12.1fixed 2.2.2-0.68.12.1
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
- affected < 2.2.2-0.68.12.1fixed 2.2.2-0.68.12.1
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
- affected < 2.2.2-0.68.12.1fixed 2.2.2-0.68.12.1
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
- affected < 2.2.2-0.68.6.1fixed 2.2.2-0.68.6.1
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.
- affected < 2.2.2-0.68.3.1fixed 2.2.2-0.68.3.1
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.