Skip to main content

Spacewalk

7 CVEs product

Monthly

CVE-2021-40348 HIGH POC PATCH This Week

Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Tomcat RCE Code Injection Uyuni Spacewalk
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-1693 CRITICAL POC PATCH Act Now

A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Denial Of Service XXE Spacewalk
NVD GitHub
CVSS 3.1
9.8
EPSS
4.3%
CVE-2019-10137 CRITICAL Act Now

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Satellite Spacewalk
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2019-10136 MEDIUM This Month

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Satellite Spacewalk
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2018-1077 HIGH This Week

Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Spacewalk Satellite
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2014-7812 LOW Monitor

Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Red Hat Satellite Spacewalk Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-7811 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Red Hat Network Satellite Spacewalk Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Tomcat RCE Code Injection +2
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Denial Of Service XXE +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Satellite +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Satellite +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Spacewalk Satellite
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Red Hat Satellite +2
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Red Hat Network Satellite +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy