CVSS3: 7.1 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS2: 3.6 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N

Cobbler is vulnerable to information disclosure. The vulnerability exists because the library does not properly restrict access to the config file, which allows an attacker who has access to the server to open an authenticated session with a cobbler daemon.
bugzilla.suse.com/show_bug.cgi?id=1193671
github.com/advisories/GHSA-5946-mpw5-pqxx
github.com/cobbler/cobbler/commit/34e3417bcbb72d28c3c1c3332af85793ba077f75
github.com/cobbler/cobbler/pull/2945
github.com/cobbler/cobbler/releases
lists.fedoraproject.org/archives/list/[email protected]/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW/
lists.fedoraproject.org/archives/list/[email protected]/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR/
lists.fedoraproject.org/archives/list/[email protected]/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE/
www.openwall.com/lists/oss-security/2022/02/18/3