Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation...
8.8CVSS
8.8AI Score
0.002EPSS
Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the...
7.5CVSS
7.3AI Score
0.002EPSS