CVE-2018-10931

cobbler: CobblerXMLRPCInterface exports all its methods over XMLRPC

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.

Se ha descubierto que cobbler 2.6.x exponía todas las funciones desde su clase CobblerXMLRPCInterface mediante XMLRPC. Un atacante no autenticado remoto podría emplear este error para obtener privilegios elevados en cobbler o subir archivos a ubicaciones arbitrarias en el contexto del demonio.

An API-exposure flaw was found in cobbler, where it exported CobblerXMLRPCInterface private functions over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain important privileges within cobbler, as well as upload files to an arbitrary location in the daemon context.

It was discovered that Cobbler did not properly handle user input, which could result in an absolute path traversal. An attacker could possibly use this issue to read arbitrary files. It was discovered that Cobbler did not properly handle user input, which could result in command injection. An attacker could possibly use this issue to execute arbitrary code with high privileges.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-05-09 CVE Reserved
2018-08-09 CVE Published
2024-08-05 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-749: Exposed Dangerous Method or Function

CAPEC

References (6)

URL	Tag	Source
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931	Issue Tracking

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2018:2372	2023-02-12
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5Q4ACIVZ5D4KSUDLGRTOKGGB4U42SD	2023-02-12
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMWK5KCCZXOGOYNR2H6BWDSABTQ5NYJA	2023-02-12
https://access.redhat.com/security/cve/CVE-2018-10931	2018-08-09
https://bugzilla.redhat.com/show_bug.cgi?id=1613861	2018-08-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cobbler Project Search vendor "Cobbler Project"		Cobbler Search vendor "Cobbler Project" for product "Cobbler"				>= 2.6.0 <= 2.6.11 Search vendor "Cobbler Project" for product "Cobbler" and version " >= 2.6.0 <= 2.6.11"		-		Affected
Redhat Search vendor "Redhat"		Satellite Search vendor "Redhat" for product "Satellite"				5.6 Search vendor "Redhat" for product "Satellite" and version "5.6"		-		Affected
Redhat Search vendor "Redhat"		Satellite Search vendor "Redhat" for product "Satellite"				5.7 Search vendor "Redhat" for product "Satellite" and version "5.7"		-		Affected
Redhat Search vendor "Redhat"		Satellite Search vendor "Redhat" for product "Satellite"				5.8 Search vendor "Redhat" for product "Satellite" and version "5.8"		-		Affected