
CVE-2024-47533 – Cobbler allows anyone to connect to cobbler XML-RPC server with a known password and make changes
https://notcve.org/view.php?id=CVE-2024-47533
18 Nov 2024 — Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue. • https://github.com/zetraxz/CVE-2024-47533 • CWE-287: Improper Authentication •

CVE-2022-0860 – Improper Authorization in cobbler/cobbler
https://notcve.org/view.php?id=CVE-2022-0860
11 Mar 2022 — Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. It was discovered that Cobbler did not properly handle user input, which could result in an absolute path traversal. An attacker could possibly use this issue to read arbitrary files. It was discovered that Cobbler did not properly handle user input, which could result in command injection. An attacker could possibly use this issue to ... • https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •

CVE-2021-45083 – Ubuntu Security Notice USN-6475-1
https://notcve.org/view.php?id=CVE-2021-45083
20 Feb 2022 — An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. • https://bugzilla.suse.com/show_bug.cgi?id=1193671 • CWE-276: Incorrect Default Permissions •

CVE-2021-45081
https://notcve.org/view.php?id=CVE-2021-45081
20 Feb 2022 — An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS. • http://www.openwall.com/lists/oss-security/2022/02/18/3 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2021-45082 – Ubuntu Security Notice USN-6475-1
https://notcve.org/view.php?id=CVE-2021-45082
18 Feb 2022 — An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.) • https://bugzilla.suse.com/show_bug.cgi?id=1193678 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2021-40325
https://notcve.org/view.php?id=CVE-2021-40325
04 Oct 2021 — Cobbler before 3.3.0 allows authorization bypass for modification of settings. • https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a •

CVE-2021-40324
https://notcve.org/view.php?id=CVE-2021-40324
04 Oct 2021 — Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. • https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2021-40323
https://notcve.org/view.php?id=CVE-2021-40323
04 Oct 2021 — Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection. • https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2016-9605
https://notcve.org/view.php?id=CVE-2016-9605
22 Aug 2018 — A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9605 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-1000226
https://notcve.org/view.php?id=CVE-2018-1000226
20 Aug 2018 — Cobbler (verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable) contains an Incorrect Access Control vulnerability in the XMLRPC API (/cobbler_api) that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting. This attack appears to be exploitable via "network connectivity", taking advantage of improper validation of security tokens in API endpoints. Please note this is a diffe... • https://github.com/cobbler/cobbler/issues/1916 • CWE-732: Incorrect Permission Assignment for Critical Resource •