9 results (0.004 seconds)

CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 1

Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. Una Autorización Inapropiada en el repositorio GitHub cobbler/cobbler versiones anteriores a 3.3.2 • https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa https://huntr.dev/bounties/c458b868-63df-414e-af10-47e3745caa1d https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. • https://bugzilla.suse.com/show_bug.cgi?id=1193671 https://github.com/cobbler/cobbler/releases https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE https://www.openwall.com/lists/oss-security/2022/02/18/3 • CWE-276: Incorrect Default Permissions •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS. Se ha detectado un problema en Cobbler versiones hasta 3.3.1. Las rutinas en varios archivos usan el protocolo HTTP en lugar del más seguro HTTPS • http://www.openwall.com/lists/oss-security/2022/02/18/3 https://bugzilla.suse.com/show_bug.cgi?id=1193683 https://github.com/cobbler/cobbler/releases • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.) Se ha detectado un problema en Cobbler versiones hasta 3.3.0. En el archivo templar.py, la función check_for_invalid_imports puede permitir que el código Cheetah importe módulos de Python por medio de la subcadena "#from MODULE import". • https://bugzilla.suse.com/show_bug.cgi?id=1193678 https://github.com/cobbler/cobbler/releases https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Cobbler before 3.3.0 allows authorization bypass for modification of settings. Cobbler versiones anteriores a 3.3.0, permite omitir una autorización para modificar la configuración • https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a https://github.com/cobbler/cobbler/releases/tag/v3.3.0 •