CVE-2018-1077

Опубликовано: 12 мар. 2018

Источник: redhat

CVSS3: 5

EPSS Низкий

Описание

Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.

Spacewalk includes an API endpoint that can be abused by attackers to execute an XXE (XML External Entity Reference) allowing for the disclosure of potentially sensitive information.

Отчет

This issue affects the versions of spacewalk as shipped with Red Hat Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Satellite 5	spacewalk	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-611

https://bugzilla.redhat.com/show_bug.cgi?id=1555429spacewalk: XML External Entity (XXE) on Spacewalk APIs

EPSS

Процентиль: 45%

0.00222

Низкий

5 Medium

CVSS3

Связанные уязвимости

CVE-2018-1077

CVSS3: 7.5

nvd

почти 8 лет назад

Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.

GHSA-c447-rp4f-fgvj