Red Hat Spacewalk 2.6

CPE Details

Red Hat Spacewalk 2.6
2.6
2018-11-01
16h32 +00:00
2018-11-01
16h32 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:redhat:spacewalk:2.6:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

spacewalk

Version

2.6

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-1693 2020-02-17 18h35 +00:00 A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server.
9.8
Critique
CVE-2019-10136 2019-07-02 17h29 +00:00 It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.
4.3
Moyen
CVE-2019-10137 2019-07-02 17h28 +00:00 A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process.
9.8
Critique
CVE-2018-1077 2018-03-14 18h00 +00:00 Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.
7.5
Haute