OVAL Reference oval:org.opensuse.security:def:202145083

Oval Definition:

oval:org.opensuse.security:def:202145083

Revision Date:	2022-05-25	Version:	1
Title:	CVE-2021-45083
Description:	An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	Mitre CVE-2021-45083 SUSE CVE-2021-45083 SUSE-SU-2022:0507-1 SUSE-SU-2022:0509-1 SUSE-SU-2022:0510-1 SUSE-SU-2022:14891-1 openSUSE-SU-2022:0062-1
Platform(s):	Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE openSUSE Leap 15.3 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9	Product(s):
Definition Synopsis
Release Information SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS is installed OR SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS is installed AND koan-2.2.2-0.68.15.1 is installed
Definition Synopsis
Release Information Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure is installed OR Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM is installed OR Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE is installed AND cobbler-3.1.2-150300.5.14.1 is installed OR Package Information SUSE Linux Enterprise Module for SUSE Manager Server 4.2 is installed OR SUSE Manager Server 4.2 is installed AND cobbler-3.1.2-150300.5.14.1 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND cobbler-2.6.6-49.35.1 is installed
Definition Synopsis
SUSE OpenStack Cloud 9 is installed AND cobbler-2.6.6-49.35.1 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise Module for SUSE Manager Server 4.1 is installed OR SUSE Manager Server 4.1 is installed AND cobbler-3.0.0+git20190806.32c4bae0-8.22.9.1 is installed OR Package Information Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure is installed OR Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM is installed OR Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE is installed AND cobbler-3.0.0+git20190806.32c4bae0-8.22.9.1 is installed
Definition Synopsis
openSUSE Leap 15.3 is installed AND Package Information cobbler-3.1.2-bp153.2.3.1 is installed AND cobbler is signed with openSUSE key OR cobbler-tests-3.1.2-bp153.2.3.1 is installed AND cobbler-tests is signed with openSUSE key OR cobbler-web-3.1.2-bp153.2.3.1 is installed AND cobbler-web is signed with openSUSE key

BACK