Description

Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.

INFO

Published Date :

2024-11-18T16:33:55.229Z

Last Modified :

2024-11-18T18:24:07.378Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-47533 vulnerability.

Vendors Products
Cobbler Project
  • Cobbler
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47533.

URL Resource
https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0 cve-icon cve-icon
https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda cve-icon cve-icon
https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact