Count: 7
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2024-47533 Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue. | CVSS3: 9.8 | 69% (Medium) | about 1 year ago |
| CVE-2024-47533 Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue. | CVSS3: 9.8 | 69% (Medium) | about 1 year ago |
| CVE-2024-47533 Cobbler, a Linux installation server that allows for rapid setup of ne ... | CVSS3: 9.8 | 69% (Medium) | about 1 year ago |
| openSUSE-SU-2024:0382-1 Security update for cobbler | | 69% (Medium) | about 1 year ago |
| openSUSE-SU-2024:0370-1 Security update for cobbler | | 69% (Medium) | about 1 year ago |
| GHSA-m26c-fcgh-cp6h cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes | CVSS3: 9.8 | 69% (Medium) | about 1 year ago |
| BDU:2024-09952 Vulnerability in the Cobbler network installation server related to flaws in the authentication procedure, allowing an attacker to gain full access to the server | CVSS3: 9.8 | 69% (Medium) | about 1 year ago |