N/A

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password.

N/A

N/A

Cobbler 安全漏洞

Cobbler是一款网络安装服务器套件，它主要用于快速建立Linux网络安装环境。 Cobbler 3.3.1之前版本存在安全漏洞，该漏洞源于/etc/cobbler中的文件是公开可读的。其中两个文件包含一些敏感信息，这些信息可能会暴露给对服务器具有非特权访问权限的本地用户。

N/A

N/A