Security Advisory

CVE-2020-1693

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-02-17 19:35:43

Last updated 2024-08-04 06:46:30

Assigner redhat

State PUBLISHED

Description

A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server.

← Browse all CVEs View on cve.org ↗