CVE-2022-0860 – cobbler
Package
Manager: pip
Name: cobbler
Vulnerable Version: >=0 <3.3.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
EPSS: 0.00745 pctl0.72144
Details
Improper Authorization in cobbler

### Impact

If PAM is correctly configured and a user account is set to expired, the expired user account is still able to log into Cobbler successfully in all places (Web UI, CLI and XMLRPC API). The same applies to user accounts whose passwords are set to be expired.

### Patches

A patch is available in the latest Cobbler release, `3.3.2`; a backport will be done for `3.2.x`.

### Workarounds

- Delete expired accounts which are able to access Cobbler via PAM.
- Use `chage -l <username>` to lock the account. If the account has SSH keys attached, remove them completely.

### References

- Originally discovered by @ysf at https://www.huntr.dev/bounties/c458b868-63df-414e-af10-47e3745caa1d/

### How to test if my Cobbler instance is affected?

The following `pytest` test assumes that your PAM setup is correct. If the added user is not able to log in at all, running this test is meaningless.

```python
import subprocess

# Cobbler 3.x module paths for the API object and the PAM authentication module
# (the advisory's original snippet omitted these imports)
from cobbler.api import CobblerAPI
from cobbler.modules.authentication import pam


def test_pam_login_with_expired_user():
    # Arrange: create a PAM test user with a known password
    test_username = "expired_user"
    test_password = "password"
    test_api = CobblerAPI()
    # perl crypt(PLAINTEXT, SALT): the password is the first argument;
    # "ab" is a constructed two-character salt
    subprocess_1 = subprocess.run(
        ["perl", "-e", 'print crypt("%s", "%s")' % (test_password, "ab")],
        stdout=subprocess.PIPE,
        check=True,
    )
    # useradd -p expects the already-hashed password as a string, not bytes
    hashed_password = subprocess_1.stdout.decode().strip()
    subprocess.run(["useradd", "-p", hashed_password, test_username], check=True)
    # change user to be expired (expiry date 0 = 1970-01-01)
    subprocess.run(["chage", "-E0", test_username], check=True)

    # Act
    result = pam.authenticate(test_api, test_username, test_password)

    # Assert - login should fail for an expired account;
    # on affected versions (< 3.3.2) it succeeds and this assertion fails
    assert not result
```

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [the Cobbler repository](https://github.com/cobbler/cobbler/issues/new/choose)
* Ask in the [Gitter/Matrix Chat](https://gitter.im/cobbler/community)
* Email us at [cobbler.project@gmail.com](mailto:cobbler.project@gmail.com)
Metadata
Created: 2022-03-11T20:52:04Z
Modified: 2024-11-18T16:26:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-mcg6-h362-cmq5/GHSA-mcg6-h362-cmq5.json
CWE IDs: ["CWE-285", "CWE-863"]
Alternative ID: GHSA-mcg6-h362-cmq5
Finding: F039
Auto approve: 1