N/A

A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

XML外部实体引用的不恰当限制(XXE)

spacewalk 代码问题漏洞

spacewalk是一套开源的Linux系统管理解决方案。 Spacewalk 2.9及之前版本中存在代码问题漏洞。远程攻击者可利用该漏洞检索某些文件的内容并造成拒绝服务或在Spacewalk服务器上执行任意代码。

N/A

N/A