394 matches found
Denial Of Service (DoS)
spacewalk-backend is vulnerable to denial of service. It was found that a remote attacker could upload packages to an RHN Satellite server's NULL organization without any authorization or authentication. The NULL organization stores packages synced from RHN Hosted. Although an attacker cannot put...
Information Disclosure
spacewalk-backend is vulnerable to information disclosure. The vulnerability exists when a user submitted a system registration XML-RPC call to an RHN Satellite server (for example, by running "rhnreg_ks") and that call failed, their RHN user password was included in plain text in the error messages...
Cross-site Scripting (XSS)
spacewalk-java is vulnerable to cross-site scripting (XSS). The vulnerability exists as a remote attacker could use these flaws to perform a cross-site scripting attack against victims using the RHN Satellite web interface...
Cross-site Scripting (XSS)
spacewalk-web is vulnerable to cross-site scripting (XSS). The vulnerability exists as a remote attacker could use these flaws to perform a cross-site scripting attack against victims using the RHN Satellite web interface...
Cross-site Scripting (XSS)
spacewalk-web is vulnerable to cross-site scripting (XSS). The vulnerability exists as multiple cross-site scripting (XSS) flaws were found in the RHN Satellite web interface. A remote attacker could use these flaws to perform a cross-site scripting attack against victims using the RHN Satellite web...
Open Redirect
spacewalk-web is vulnerable to open redirect. The vulnerability exists as a remote attacker able to trick a victim into opening the login page using a specially-crafted link could redirect the victim to an arbitrary page after they successfully log in...
Privilege Escalation
spacewalk-java is vulnerable to privilege escalation. The vulnerability exists as it was found that RHN Satellite did not protect against Cross-Site Request Forgery (CSRF) attacks. If an authenticated RHN Satellite user visited a specially-crafted web page, it could lead to unauthorized command...
Session Fixation
spacewalk is vulnerable to session fixation. A session fixation flaw was found in the way RHN Satellite Server handled session cookies. An RHN Satellite Server user able to pre-set the session cookie in a victim's browser to a valid value could use this flaw to hijack the victim's session after t...
Information Disclosure
spacewalk is vulnerable to information disclosure. A flaw was found in the way RHN Satellite Server managed user authentication. A time delay was not inserted after each failed login, which could allow a remote attacker to conduct a password guessing attack efficiently...
Authorization Bypass
spacewalk-config is vulnerable to authorization bypass. The vulnerability exists as RHN Satellite incorrectly exposed an obsolete XML-RPC API for configuring package group (comps.xml) files for channels. An authenticated user could use this flaw to gain access to arbitrary files accessible to the R...
Authentication Bypass
spacewalk-config is vulnerable to authentication bypass. The vulnerability exists as a flaw was found in the way RHN Satellite rewrote certain URLs. An unauthenticated user could use a specially-crafted HTTP request to obtain sensitive information about the host system RHN Satellite was running o...
SUSE-SU-2020:0670-1 Recommended update for SUSE Manager Server 3.2
This update fixes the following issues: spacewalk-setup: Create AJP connector for tomcat if it does not exist (bsc#1165927, bsc#1166388). How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either...
spacewalk code issue vulnerability
Spacewalk is an open source Linux system management solution. A code issue vulnerability exists in Spacewalk 2.9 and prior versions. The vulnerability stems from an improperly designed or implemented code development process for a networked system or product. No detailed vulnerability details are...
CVE-2020-1693
A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute...
Design/Logic Flaw
A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute...
CVE-2020-1693
CVE-2020-1693 affects Spacewalk up to version 2.9. It is an XML External Entity (XXE) vulnerability exposed via the /rpc/api endpoint, allowing an unauthenticated remote attacker to read files and potentially trigger a denial of service or, in some cases, execute arbitrary code on the Spacewalk s...
CVE-2020-1693
A flaw was found in Spacewalk where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on t...
ALBA-2019:3474 satellite-5-client module update
Satellite 5 client module provides programs and libraries that allow your system to use provisioning, monitoring, and configuration management capabilities provided by AlmaLinux Satellite 5. This update fixes the following bugs: A build dependency on Python 2 gtk-builder-convert has been dropped...