RSS   Vulnerabilities for 'Cobbler'   RSS

2019-11-19
 
CVE-2011-4954

CWE-269
 

 
cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE

 
 
CVE-2011-4952

CWE-352
 

 
cobbler: Web interface lacks CSRF protection when using Django framework

 
2018-08-20
 
CVE-2018-1000226

CWE-732
 

 
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via "network connectivity". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.

 
 
CVE-2018-1000225

CWE-79
 

 
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via "network connectivity". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api).

 
2014-05-13
 
CVE-2014-3225

CWE-22
 

 
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.

 


Copyright 2024, cxsecurity.com

 

Back to Top