CVE-2021-45081
published 2022-02-20CVE-2021-45081: An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.
PriorityP426medium5.9CVSS 3.1
AVNACHPRNUINSUCHINAN
EPSS
0.90%
55.1th percentile
An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cobbler_project | cobbler | <= 3.3.1 | — |
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv5.9MEDIUM
vendor_redhat5.9MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-332r-78jx-2j2m: An issue was discovered in Cobbler through 3
ghsa_unreviewed·2022-02-21
CVE-2021-45081 [MEDIUM] CWE-327 GHSA-332r-78jx-2j2m: An issue was discovered in Cobbler through 3
An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.
OSV
CVE-2021-45081: An issue was discovered in Cobbler through 3
osv·2022-02-20·CVSS 5.9
CVE-2021-45081 [MEDIUM] CVE-2021-45081: An issue was discovered in Cobbler through 3
An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.
Red Hat
cobbler: unsafe protocol usage
vendor_redhat·2022-02-18·CVSS 5.9
CVE-2021-45081 [MEDIUM] CWE-319 cobbler: unsafe protocol usage
cobbler: unsafe protocol usage
An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.
A flaw was found in cobbler. The vulnerability occurs due to unsafe protocol usage and leads to cleartext transmission. This flaw allows an attacker to interact and see sensitive cleartext transmissions.
Package: rhn-tools:1.0/cobbler (Red Hat Enterprise Linux 8) - Not affected
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-02-20
Published