Home > Vulnerability Database > CVE-2024-47533

Mend.io Vulnerability Database

CVE-2024-47533

Good to know:

Date: November 18, 2024

Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. "utils.get_shared_secret()" always returns "-1", which allows anyone to connect to cobbler XML-RPC as user "''" password "-1" and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.

Language: Python

Severity Score

9.8

Related Resources (6)

Url: https://github.com/cobbler/cobbler

Url: https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda

Url: https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-47533

Url: https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h

Url: https://www.mend.io/vulnerability-database/CVE-2024-47533

Severity Score

9.8

Weakness Type (CWE)

Improper Authentication

CWE-287

Top Fix

Upgrade Version

Upgrade to version cobbler - 3.3.7;cobbler - 3.2.3

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-47533

Good to know:

Date: November 18, 2024

Language: Python

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?