CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2020-1693
https://notcve.org/view.php?id=CVE-2020-1693
A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server. Se dertectó un fallo en Spacewalk hasta la versión 2.9, donde era vulnerable a ataques de entidades internas XML por medio del endpoint /rpc/api. Un atacante remoto no autenticado podría utilizar este fallo para recuperar el contenido de ciertos archivos y desencadenar una denegación de servicio, o en determinadas circunstancias, ejecutar código arbitrario en el servidor de Spacewalk. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1693 https://github.com/spacewalkproject/spacewalk/commit/74e28ec61d916c42061ef4347121650a1c962b0c https://zeroauth.ltd/blog/2020/02/18/proof-of-concept-exploit-for-cve-2020-1693-spacewalk • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10136 – spacewalk: Insecure computation of authentication signatures during user authentication
https://notcve.org/view.php?id=CVE-2019-10136
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. Se encontró que Spacewalk, en todas las versiones hasta la 2.8, no computaba de forma segura las sumas de comprobación de token del cliente. Un atacante con un conjunto de encabezados válidos, pero expirados y autenticados, podría mover algunos dígitos, extendiendo artificialmente la validez de la sesión sin modificar la suma de comprobación. It was found that Spacewalk did not safely compute client token checksums. • http://www.securityfocus.com/bid/109029 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10136 https://access.redhat.com/security/cve/CVE-2019-10136 https://bugzilla.redhat.com/show_bug.cgi?id=1708696 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10137 – spacewalk-proxy: Path traversal in proxy authentication cache
https://notcve.org/view.php?id=CVE-2019-10137
A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process. Se encontró un fallo de salto de ruta (path) en el proxy de spacewalk, en todas las versiones hasta la 2.8, en la manera en que el proxy procesa los tokens del cliente en la caché. Un atacante remoto no autenticado podría utilizar este fallo para probar la existencia de archivos arbitrarios, si tienen acceso al sistema de archivos del proxy, o si pueden ejecutar código arbitrario en el contexto del proceso httpd. A path traversal flaw was found in the way the proxy processes cached client tokens. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10137 https://access.redhat.com/security/cve/CVE-2019-10137 https://bugzilla.redhat.com/show_bug.cgi?id=1702604 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2011-3344 – Satellite/Spacewalk: XSS on the Lost Password page
https://notcve.org/view.php?id=CVE-2011-3344
Cross-site scripting (XSS) vulnerability in the Lookup Login/Password form in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the URI. Vulnerabilidad de XSS en el formulario de recuperación de usuario/contraseña en Spacewalk 1.6, utilizado en Red Hat Network (RHN) Satellite, permite a atacantes remotos inyectar script Web arbitrario o HTML a través de la URL. • http://www.redhat.com/support/errata/RHSA-2011-1299.html https://bugzilla.redhat.com/show_bug.cgi?id=731647 https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=890781d7ec983e32fe83af2f7c033d087292851f https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html https://access.redhat.com/security/cve/CVE-2011-3344 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1594 – Spacewalk: login page open redirect via url_bounce
https://notcve.org/view.php?id=CVE-2011-1594
Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter. Vulnerabilidad de redirección abierta en Spacewalk 1.6, utilizado en Red Hat Network (RHN) Satellite, permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y efectuar ataques de phishing a través de una URL en el parámetro url_bounce. • http://www.redhat.com/support/errata/RHSA-2011-1299.html https://bugzilla.redhat.com/show_bug.cgi?id=672167 https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html https://access.redhat.com/security/cve/CVE-2011-1594 • CWE-20: Improper Input Validation •