Cobbler Security Vulnerabilities and Issues — Cobbler CVE List

Lucene search

Cobbler ProjectCobbler

5 matches found

cve•added 2022/02/19 12:15 a.m.•180 views

CVE-2021-45082

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)

7.8CVSS7.5AI score0.00043EPSS

cve•added 2022/02/20 6:15 p.m.•119 views

CVE-2021-45083

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler ...

7.1CVSS6.7AI score0.0003EPSS

cve•added 2021/10/04 6:15 a.m.•106 views

CVE-2021-40325

Cobbler before 3.3.0 allows authorization bypass for modification of settings.

7.5CVSS8.4AI score0.00025EPSS

cve•added 2021/10/04 6:15 a.m.•99 views

CVE-2021-40324

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.

7.5CVSS8.5AI score0.03531EPSS

cve•added 2019/11/19 4:15 p.m.•38 views

CVE-2011-4954

cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE

7.8CVSS7.8AI score0.00132EPSS