CVE-2021-45081

Publication date 20 February 2022

Last updated 24 July 2024


Ubuntu priority

CVSS 3 Severity Score

5.9 · Medium


An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.


Status

| Package | Ubuntu Release | Status |
|---|---|---|
| cobbler | 16.04 LTS xenial | Ignored (see notes) |
| cobbler | 14.04 LTS trusty | Ignored (end of standard support) |

Notes


nickgalanis

Using HTTPS everywhere requires a deep knowledge of how customers implement cobbler in their network and how they manage certificates. The maintainer decided not to patch this vulnerability, and will keep attention on this in order to create a certificate enrolling and trusting layer in the Python code for the future. Thus, this CVE is marked as ignored.

Severity score breakdown

| Parameter | Value |
|---|---|
| Base score | 5.9 · Medium |
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |