CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4954
https://notcve.org/view.php?id=CVE-2011-4954
19 Nov 2019 — cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE cobbler presenta una escalada de privilegios locales mediante el uso de una ubicación no segura para PYTHON_EGG_CACHE. • http://www.openwall.com/lists/oss-security/2012/04/12/10 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4952
https://notcve.org/view.php?id=CVE-2011-4952
19 Nov 2019 — cobbler: Web interface lacks CSRF protection when using Django framework cobbler: La interfaz web carece de protección contra un CSRF cuando es usado el framework Django. • http://www.openwall.com/lists/oss-security/2012/04/12/10 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000225
https://notcve.org/view.php?id=CVE-2018-1000225
20 Aug 2018 — Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via "network connectivity". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api). Cobbler en su versión Verified, tal y como está presente en Cobbler en versiones 2.6... • https://github.com/cobbler/cobbler/issues/1917 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 75%CPEs: 1EXPL: 0CVE-2018-1000226
https://notcve.org/view.php?id=CVE-2018-1000226
20 Aug 2018 — Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via "network connectivity". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a diffe... • https://github.com/cobbler/cobbler/issues/1916 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 6%CPEs: 7EXPL: 5CVE-2014-3225 – Cobbler 2.4.x < 2.6.x - Local File Inclusion
https://notcve.org/view.php?id=CVE-2014-3225
13 May 2014 — Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile. Vulnerabilidad de recorrido de directorio absoluto en la interfaz web en Cobbler 2.4.x hasta 2.6.x permite a usuarios remotos autenticados leer archivos arbitrarios a través del campo Kickstart en un perfil. It was discovered that Cobbler did not properly handle user input, which could result in an absolute path traversal. A... • https://packetstorm.news/files/id/126607 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •