394 matches found
Privilege Escalation
spacewalk-backend is vulnerable to privilege escalation attacks. The vulnerability exists as it was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py...
Cross-site Scripting (XSS)
spacewalk-java is vulnerable to cross-site scripting. A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed monitoring probes. An attacker can embed HTML and JavaScript in the values for RHNMD User or Filesystem parameters in Satellite, allowing them to inject...
Cross-site Scripting (XSS)
spacewalk-java is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this...
XML External Entity (XXE)
spacewalk-java is vulnerable to XML External Entity (XXE) attacks. The vulnerability exists as the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors...
Cross-site Scripting (XSS)
spacewalk-java is vulnerable to cross-site scripting (XSS) attacks. Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML...
Cross-site Scripting (XSS)
spacewalk-java is vulnerable to cross-site scripting (XSS) attacks. Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java in Spacewalk and Red Hat Network (RHN) Satellite allow remote attackers to inject arbitrary web script or HTML via unspecified vecto...
Privilege Escalation
spacewalk-java is vulnerable to privilege escalation attacks. The vulnerability exists as Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts...
Cross-site Scripting (XSS)
spacewalk-java is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not...
Cross-site Scripting (XSS)
spacewalk is vulnerable to cross-site scripting (XSS). A remote authenticated user is able to inject arbitrary JavaScript into another user's by creating a malicious note containing JavaScript code, which will execute when viewed and loaded on the victim's browser...
Information Disclosure
spacewalk-backend is vulnerable to information disclosure attacks. The vulnerability exists as the Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skippi...
CVE-2017-7470
It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py...
Authorization
It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py...
CVE-2017-7470
It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py...
CVE-2017-7470
It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py...
CVE-2017-7470
CVE-2017-7470 : The issue affects Red Hat SUSE-managed Spacewalk infrastructure where the backend component spacewalk-channel (backend/server/rhnChannel.py) fails an authorization check, allowing a non-admin or disabled user to perform administrative tasks. Public references in the provided docum...
SUSE-SU-2018:1751-1 Security update for SUSE Manager Server 3.1
This update provides the following fixes and improvements for SUSE Manager Server 3.1: The following new package has been added: py26-compat-salt: This package provides compatibility with Python 2.6 for salt. This update includes the following new features: fate325476 Additionally, the following...
Red Hat Spacewalk XML External Entity Injection Vulnerability
Red Hat Spacewalk is an open source Linux systems management solution developed by Red Hat, Inc. (United States) on the basis of the Red Hat Network Satellite systems management platform. The solution provides statistical system information, install and update software, collect...
CVE-2018-1077
Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server...
CVE-2018-1077
Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server...
Design/Logic Flaw
Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server...