An arbitrary file disclosure/template injection flaw was found in Cobbler. It exposes an XMLRPC API interface that allows users to request some information without authentication. References: https://lists.suse.com/pipermail/sle-security-updates/2021-September/009468.html https://github.com/cobbler/cobbler/issues/2795 https://github.com/cobbler/cobbler/pull/2794
Created cobbler tracking bugs for this issue: Affects: epel-7 [bug 2006885] Affects: fedora-all [bug 2006884]