It was found that spacewalk-channel can be used by non-admin or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py.
CVSS: 9.8
AI Score: 9.2
EPSS: 0.004
Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.
CVSS: 7.5
AI Score: 7.3
EPSS: 0.002