{"containers": {"cna": {"affected": [{"product": "spacewalk", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "All spacewalk versions up 2.9"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-611", "description": "CWE-611", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-02-19T21:01:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1693"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/spacewalkproject/spacewalk/commit/74e28ec61d916c42061ef4347121650a1c962b0c"}, {"tags": ["x_refsource_MISC"], "url": "https://zeroauth.ltd/blog/2020/02/18/proof-of-concept-exploit-for-cve-2020-1693-spacewalk/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-1693", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "spacewalk", "version": {"version_data": [{"version_value": "All spacewalk versions up 2.9"}]}}]}, "vendor_name": "Red Hat"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server."}]}, "impact": {"cvss": [[{"vectorString": "8.6/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-611"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1693", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1693"}, {"name": "https://github.com/spacewalkproject/spacewalk/commit/74e28ec61d916c42061ef4347121650a1c962b0c", "refsource": "MISC", "url": "https://github.com/spacewalkproject/spacewalk/commit/74e28ec61d916c42061ef4347121650a1c962b0c"}, {"name": "https://zeroauth.ltd/blog/2020/02/18/proof-of-concept-exploit-for-cve-2020-1693-spacewalk/", "refsource": "MISC", "url": "https://zeroauth.ltd/blog/2020/02/18/proof-of-concept-exploit-for-cve-2020-1693-spacewalk/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:46:30.296Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1693"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/spacewalkproject/spacewalk/commit/74e28ec61d916c42061ef4347121650a1c962b0c"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://zeroauth.ltd/blog/2020/02/18/proof-of-concept-exploit-for-cve-2020-1693-spacewalk/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-1693", "datePublished": "2020-02-17T19:35:43", "dateReserved": "2019-11-27T00:00:00", "dateUpdated": "2024-08-04T06:46:30.296Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:spacewalk:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4B886FD-F1BB-4C1E-B778-0656C1286091", "versionEndExcluding": "2.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server."}, {"lang": "es", "value": "Se dertect\u00f3 un fallo en Spacewalk hasta la versi\u00f3n 2.9, donde era vulnerable a ataques de entidades internas XML por medio del endpoint /rpc/api. Un atacante remoto no autenticado podr\u00eda utilizar este fallo para recuperar el contenido de ciertos archivos y desencadenar una denegaci\u00f3n de servicio, o en determinadas circunstancias, ejecutar c\u00f3digo arbitrario en el servidor de Spacewalk."}], "id": "CVE-2020-1693", "lastModified": "2024-11-21T05:11:10.983", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-17T20:15:11.350", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1693"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/spacewalkproject/spacewalk/commit/74e28ec61d916c42061ef4347121650a1c962b0c"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://zeroauth.ltd/blog/2020/02/18/proof-of-concept-exploit-for-cve-2020-1693-spacewalk/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1693"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/spacewalkproject/spacewalk/commit/74e28ec61d916c42061ef4347121650a1c962b0c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://zeroauth.ltd/blog/2020/02/18/proof-of-concept-exploit-for-cve-2020-1693-spacewalk/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Thibaut Zonca for reporting this issue.", "bugzilla": {"description": "spacewalk: XML entity attacks on /rpc/api", "id": "1790381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790381"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "status": "draft"}, "cwe": "CWE-611", "details": ["A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server.", "A flaw was found in Spacewalk where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server."], "name": "CVE-2020-1693", "package_state": [{"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "spacewalk", "product_name": "Red Hat Satellite 5"}], "public_date": "2020-02-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-1693\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1693\nhttps://zeroauth.ltd/blog/2020/02/18/proof-of-concept-exploit-for-cve-2020-1693-spacewalk/"], "statement": "This flaw was rated Medium in the context of Red Hat Satellite v.5, because it does not allow remote code execution, and because of the limitation imposed when retrieving file content.", "threat_severity": "Important", "upstream_fix": "spacewalk 2.10, redstone-xmlrpc 1.1_20071120-21"}