Lucene search

GitHub Advisory DatabaseGHSA-XC7W-JVHX-P6Q9

HistoryMay 14, 2022 - 2:52 a.m.

Cobbler Path Traversal vulnerability

2022-05-1402:52:42

CWE-22

GitHub Advisory Database

github.com

6.8 Medium

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

90.8%

JSON

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.

CPENameOperatorVersion
cobblerlt2.4.7
cobblerlt2.6.4

CPE	Name	Operator	Version
	cobbler	lt	2.4.7
	cobbler	lt	2.6.4

References

packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html

seclists.org/oss-sec/2014/q2/273

seclists.org/oss-sec/2014/q2/274

www.exploit-db.com/exploits/33252

www.osvdb.org/106759

www.securityfocus.com/archive/1/532094/100/0/threaded

www.securityfocus.com/bid/67277

github.com/advisories/GHSA-xc7w-jvhx-p6q9

github.com/cobbler/cobbler/commit/8232c0e88ec7382d3f8d3bf48c81a4a91ac4325d

github.com/cobbler/cobbler/commit/f757e3096fcd32397609ca38efb01f19d16dd634

github.com/cobbler/cobbler/issues/939

nvd.nist.gov/vuln/detail/CVE-2014-3225

www.youtube.com/watch?v=vuBaoQUFEYQ&feature=youtu.be