Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-gxpd-rmnn-67cm
Summary An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password.
Aliases
0
alias CVE-2021-45083
1
alias GHSA-5946-mpw5-pqxx
2
alias PYSEC-2022-38
Fixed_packages
0
url pkg:pypi/cobbler@3.3.1
purl pkg:pypi/cobbler@3.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n8d7-2mjk-wbc8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cobbler@3.3.1
Affected_packages
0
url pkg:pypi/cobbler@0.6.3.post2
purl pkg:pypi/cobbler@0.6.3.post2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3uqv-f4em-4qag
1
vulnerability VCID-gxpd-rmnn-67cm
2
vulnerability VCID-hpkx-7ure-6qbf
3
vulnerability VCID-n8d7-2mjk-wbc8
4
vulnerability VCID-nrb3-t9dq-x7hw
5
vulnerability VCID-y965-s4eq-vfee
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cobbler@0.6.3.post2
1
url pkg:pypi/cobbler@3.1.2
purl pkg:pypi/cobbler@3.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3uqv-f4em-4qag
1
vulnerability VCID-gxpd-rmnn-67cm
2
vulnerability VCID-hpkx-7ure-6qbf
3
vulnerability VCID-n8d7-2mjk-wbc8
4
vulnerability VCID-nrb3-t9dq-x7hw
5
vulnerability VCID-y965-s4eq-vfee
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cobbler@3.1.2
2
url pkg:pypi/cobbler@3.2.1
purl pkg:pypi/cobbler@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3uqv-f4em-4qag
1
vulnerability VCID-gxpd-rmnn-67cm
2
vulnerability VCID-hpkx-7ure-6qbf
3
vulnerability VCID-n8d7-2mjk-wbc8
4
vulnerability VCID-nrb3-t9dq-x7hw
5
vulnerability VCID-y965-s4eq-vfee
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cobbler@3.2.1
3
url pkg:pypi/cobbler@3.2.2
purl pkg:pypi/cobbler@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3uqv-f4em-4qag
1
vulnerability VCID-gxpd-rmnn-67cm
2
vulnerability VCID-hpkx-7ure-6qbf
3
vulnerability VCID-n8d7-2mjk-wbc8
4
vulnerability VCID-nrb3-t9dq-x7hw
5
vulnerability VCID-y965-s4eq-vfee
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cobbler@3.2.2
4
url pkg:pypi/cobbler@3.3.0
purl pkg:pypi/cobbler@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gxpd-rmnn-67cm
1
vulnerability VCID-n8d7-2mjk-wbc8
2
vulnerability VCID-nrb3-t9dq-x7hw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cobbler@3.3.0
References
0
reference_url https://bugzilla.suse.com/show_bug.cgi?id=1193671
reference_id
reference_type
scores
url https://bugzilla.suse.com/show_bug.cgi?id=1193671
1
reference_url https://github.com/advisories/GHSA-5946-mpw5-pqxx
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-5946-mpw5-pqxx
2
reference_url https://github.com/cobbler/cobbler
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler
3
reference_url https://github.com/cobbler/cobbler/commit/10b2112db83fedfc391e900edfedc2b4e507d3f7
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler/commit/10b2112db83fedfc391e900edfedc2b4e507d3f7
4
reference_url https://github.com/cobbler/cobbler/pull/2945
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler/pull/2945
5
reference_url https://github.com/cobbler/cobbler/releases
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler/releases
6
reference_url https://github.com/cobbler/cobbler/releases/tag/v3.3.1
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler/releases/tag/v3.3.1
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2022-38.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2022-38.yaml
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE
11
reference_url https://www.openwall.com/lists/oss-security/2022/02/18/3
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2022/02/18/3
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-45083
reference_id CVE-2021-45083
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-45083
Weaknesses
0
cwe_id 276
name Incorrect Default Permissions
description During installation, installed file permissions are set to allow anyone to modify those files.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gxpd-rmnn-67cm