CVE-2021-45083: 
Python vulnerability analysis and mitigation

A security vulnerability was discovered in Cobbler before version 3.3.1, identified as CVE-2021-45083. The issue involves world-readable files in /etc/cobbler directory that contain sensitive information. Two specific files, users.digest and settings.yaml, could expose sensitive data to local users with non-privileged access to the server (CVE, OpenWall).

The vulnerability affects two critical configuration files: users.digest, which contains SHA2-512 digests of users in a Cobbler local installation, and settings.yaml, which contains secrets such as the hashed default password. Both files were configured with world-readable permissions, making them accessible to any local user on the system. The vulnerability has been assigned a CVSS score of 8.4 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N) (OpenWall).

The vulnerability could allow local users with non-privileged access to obtain sensitive information. In cases where passwords are easy to guess, attackers could potentially obtain plaintext credentials from the SHA2-512 hashes stored in users.digest. Additionally, the exposure of settings.yaml could reveal other system secrets including the hashed default password (CVE).

The issue was fixed in Cobbler version 3.3.1. A temporary workaround for affected systems is to manually modify the file permissions as root: chmod go-r /etc/cobbler/users.digest and chmod go-r /etc/cobbler/settings.yaml. The permanent fix was implemented through a commit that properly restricts file permissions (OpenWall, GitHub).

The vulnerability was addressed in multiple Linux distributions including Fedora, which released security updates to address both CVE-2021-45083 and related vulnerability CVE-2021-45082. The fixes were included in package versions cobbler-3.2.2-10 for Fedora 34 and 35, and cobbler-3.3.1-1 for Fedora 36 (Fedora).