CVE-2020-1693CRITICALCVSS 9.8vAll spacewalk versions up 2.92020-02-17
CVE-2020-1693 [CRITICAL] CWE-611 CVE-2020-1693: A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attac
A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server.
cvelistv5nvd