Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Cobbler Project Security Vulnerabilities

cve
cve

CVE-2011-4953

The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet.

9.4AI Score

0.007EPSS

2014-10-27 01:55 AM
101
cve
cve

CVE-2016-9605

A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation.

6.1CVSS

6.1AI Score

0.001EPSS

2018-08-22 09:29 PM
20
cve
cve

CVE-2017-1000469

Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.

9.8CVSS

9.6AI Score

0.004EPSS

2022-10-03 04:23 PM
121
cve
cve

CVE-2018-10931

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.

9.8CVSS

9.4AI Score

0.007EPSS

2018-08-09 08:29 PM
127
cve
cve

CVE-2021-40323

Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.

9.8CVSS

9.6AI Score

0.037EPSS

2021-10-04 06:15 AM
76
cve
cve

CVE-2021-40324

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.

7.5CVSS

8.5AI Score

0.001EPSS

2021-10-04 06:15 AM
73
cve
cve

CVE-2021-40325

Cobbler before 3.3.0 allows authorization bypass for modification of settings.

7.5CVSS

8.4AI Score

0.001EPSS

2021-10-04 06:15 AM
74
cve
cve

CVE-2021-45081

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.

5.9CVSS

5.6AI Score

0.001EPSS

2022-02-20 06:15 PM
80
cve
cve

CVE-2021-45082

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)

7.8CVSS

7.5AI Score

0.001EPSS

2022-02-19 12:15 AM
149
cve
cve

CVE-2021-45083

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler ...

7.1CVSS

6.7AI Score

0.0004EPSS

2022-02-20 06:15 PM
89
cve
cve

CVE-2022-0860

Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.

9.1CVSS

9AI Score

0.002EPSS

2022-03-11 01:15 PM
97
4