5.9

CVE-2021-45081

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cobbler ProjectCobbler Version <= 3.3.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.443
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://github.com/cobbler/cobbler/releases
Third Party Advisory
Release Notes
http://www.openwall.com/lists/oss-security/2022/02/18/3
Patch
Third Party Advisory
Mailing List
https://bugzilla.suse.com/show_bug.cgi?id=1193683
Third Party Advisory
Issue Tracking