Cobbler is vulnerable to information disclosure. The vulnerability exists because the library does not properly restrict access to its config file, which allows an attacker who has access to the server to open an authenticated session with a cobbler daemon.
bugzilla.suse.com/show_bug.cgi?id=1193671
github.com/advisories/GHSA-5946-mpw5-pqxx
github.com/cobbler/cobbler/commit/34e3417bcbb72d28c3c1c3332af85793ba077f75
github.com/cobbler/cobbler/pull/2945
github.com/cobbler/cobbler/releases
lists.fedoraproject.org/archives/list/[email protected]/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW/
lists.fedoraproject.org/archives/list/[email protected]/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR/
lists.fedoraproject.org/archives/list/[email protected]/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE/
www.openwall.com/lists/oss-security/2022/02/18/3
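
A defender-side check for the condition this advisory describes, as an added example that is not code from Cobbler or from the advisory: it flags a config file whose ownership or mode grants access beyond the intended owner. The function names and the sample files are assumptions; the advisory does not name the affected file, so pass in the paths from your own installation.

```python
import os
import stat
import tempfile

def audit_config_access(path, expected_uid=0):
    """Return a list of findings for one config file; empty means restricted."""
    findings = []
    st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink; check the target instead"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    if mode & stat.S_IROTH:
        findings.append("readable by any local user")
    if mode & stat.S_IWOTH:
        findings.append("writable by any local user")
    if mode & (stat.S_IRGRP | stat.S_IWGRP):
        findings.append(f"group gid {st.st_gid} has access")
    return findings

def audit_many(paths, expected_uid=0):
    """Map each existing path to its findings, skipping restricted files."""
    report = {}
    for p in paths:
        if os.path.lexists(p):
            found = audit_config_access(p, expected_uid)
            if found:
                report[p] = found
    return report

if __name__ == "__main__":
    # Constructed demo: two temp files stand in for a daemon config file.
    with tempfile.TemporaryDirectory() as d:
        loose = os.path.join(d, "loose.conf")
        tight = os.path.join(d, "tight.conf")
        for name, perm in ((loose, 0o644), (tight, 0o600)):
            with open(name, "w") as fh:
                fh.write("secret = constructed-sample\n")
            os.chmod(name, perm)
        for path, found in audit_many([loose, tight], os.getuid()).items():
            print(path, "->", "; ".join(found))
```

A file that holds a credential or session secret for a daemon should produce an empty result when checked against the account the daemon runs as.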