Security Bypass in Ubuntu Cobbler's GPG Signature Verification
CVE-2012-2092

5.9MEDIUM

Key Information:

Vendor

Ubuntu

Status
Cobbler
Vendor
CVE Published:
6 December 2019

What is CVE-2012-2092?

A significant vulnerability exists in Ubuntu Cobbler prior to version 2.2.2, manifested through the cobbler-ubuntu-import script. This flaw arises from an insufficient verification process of GPG signatures, which could allow malicious actors to bypass security mechanisms, potentially leading to unauthorized access or manipulation of the system.

Affected Version(s)

Cobbler before 2.2.2

References

https://security-tracker.debian.org/tracker/CVE-2012-2092
x_refsource_MISC
http://www.securityfocus.com/bid/52971
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/04/10/14
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.