CVE-2024-47533

EUVD-2024-3281

18.11.2024, 17:15

Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 98%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
cobbler_project	cobbler	3.0.0 ≤ 𝑥 < 3.2.3	ADP
cobbler_project	cobbler	3.3.0 ≤ 𝑥 < 3.3.7	ADP

Ubuntu Releases

Ubuntu Product

Codename

cobbler

focal	dne
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
xenial	needs-triage

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0

https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda

https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h