Spacewalk Security Vulnerabilities and Issues — Spacewalk CVE List

Lucene search

RedhatSpacewalk

12 matches found

CVE•added 2019/07/02 8:15 p.m.•184 views

CVE-2019-10137

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary...

9.8CVSS9.6AI score0.08937EPSS

CVE•added 2019/07/02 8:15 p.m.•179 views

CVE-2019-10136

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.

4.3CVSS4.3AI score0.00102EPSS

CVE•added 2020/02/17 8:15 p.m.•58 views

CVE-2020-1693

A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arb...

9.8CVSS9.7AI score0.07131EPSS

CVE•added 2018/07/27 1:29 p.m.•56 views

CVE-2017-7470

It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py.

9.8CVSS9.2AI score0.01046EPSS

CVE•added 2015/01/15 3:59 p.m.•55 views

CVE-2014-7812

Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.

3.5CVSS5.3AI score0.00209EPSS

CVE•added 2015/01/15 3:59 p.m.•49 views

CVE-2014-7811

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.

3.5CVSS5.2AI score0.00184EPSS

CVE•added 2014/02/05 6:55 p.m.•46 views

CVE-2011-3344

Cross-site scripting (XSS) vulnerability in the Lookup Login/Password form in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the URI.

4.3CVSS5.8AI score0.00389EPSS

CVE•added 2014/02/05 6:55 p.m.•42 views

CVE-2011-2919

Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page.

4.3CVSS5.8AI score0.00322EPSS

CVE•added 2014/02/05 6:55 p.m.•42 views

CVE-2011-2920

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via the "Filter by Synopsis" field and other unspecified filter forms.

4.3CVSS5.9AI score0.00389EPSS

CVE•added 2018/03/14 6:29 p.m.•41 views

CVE-2018-1077

Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.

7.5CVSS7.3AI score0.00234EPSS

CVE•added 2014/02/05 6:55 p.m.•38 views

CVE-2011-1594

Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter.

5.8CVSS6.8AI score0.00274EPSS

CVE•added 2014/02/05 6:55 p.m.•37 views

CVE-2011-2927

4.3CVSS5.7AI score0.00344EPSS