Red Hat · Spacewalk · CVE-2021-40348
**Name of the Vulnerable Software and Affected Versions**
Spacewalk version 2.10
Uyuni version 2021.08
Uyuni spacewalk-admin versions prior to 4.3.2-1
**Description**
The issue allows code injection because the rhn-config-satellite.pl script does not sanitize the name of the configuration file to which it appends Spacewalk-specific key-value pairs. According to the installation setup, this script is intended to be run by the tomcat user account with sudo. An attacker can use the --option argument to append arbitrary code to a root-owned file that will eventually be executed by the system.
**Recommendations**
For Spacewalk version 2.10, update to a version that includes the fix for this issue.
For Uyuni version 2021.08, update Uyuni spacewalk-admin to version 4.3.2-1 or later.
For Uyuni spacewalk-admin versions prior to 4.3.2-1, update to version 4.3.2-1 or later.
As a temporary workaround, consider restricting the execution of the rhn-config-satellite.pl script to prevent potential code injection attacks.
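
The missing check described above, sketched as an added example (not code from Spacewalk or Uyuni, and written in Python rather than the script's Perl): a privileged append helper that canonicalizes the requested file name and only writes to an allowlisted configuration file. The function names, the key pattern and the sample file names are assumptions made for illustration.

```python
import os
import re

# Assumption: keys look like dotted identifiers (e.g. "server.example_key").
KEY_RE = re.compile(r"[A-Za-z0-9_.]+")


class RejectedRequest(ValueError):
    """The request falls outside what the privileged helper permits."""


def resolve_target(requested, allowed_files):
    """Return the canonical path only if it is an allowlisted file."""
    real = os.path.realpath(requested)  # collapses "../" and symlinks
    if real not in {os.path.realpath(p) for p in allowed_files}:
        raise RejectedRequest(f"target not allowlisted: {requested!r}")
    return real


def append_option(requested, key, value, allowed_files):
    """Append one 'key = value' line to an allowlisted configuration file."""
    target = resolve_target(requested, allowed_files)
    if not KEY_RE.fullmatch(key):
        raise RejectedRequest(f"bad key: {key!r}")
    if any(c in value for c in "\r\n\0"):
        raise RejectedRequest("value must be a single line")
    # O_NOFOLLOW: fail if the final path component is a symlink, in case it
    # was swapped in between the allowlist check and the open.
    fd = os.open(target, os.O_WRONLY | os.O_APPEND | os.O_NOFOLLOW)
    with os.fdopen(fd, "a") as fh:
        fh.write(f"{key} = {value}\n")
    return target


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed sample files
        conf = os.path.join(d, "sample.conf")
        script = os.path.join(d, "startup.sh")
        for p in (conf, script):
            open(p, "w").close()
        append_option(conf, "server.example_key", "1", [conf])
        try:
            append_option(script, "server.example_key", "1", [conf])
        except RejectedRequest as exc:
            print("rejected:", exc)
```

The allowlist is compared after `realpath`, so a symlink or a `../` path that ends at some other root-owned file is refused before anything is written.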