Cobbler Security Vulnerabilities and Issues — Cobbler CVE List

Lucene search

Cobbler ProjectCobbler

4 matches found

CVE•added 2022/02/19 12:15 a.m.•180 views

CVE-2021-45082

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)

7.8CVSS7.5AI score0.00043EPSS

CVE•added 2022/03/11 1:15 p.m.•130 views

CVE-2022-0860

Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.

9.1CVSS8.7AI score0.00707EPSS

CVE•added 2022/02/20 6:15 p.m.•120 views

CVE-2021-45083

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler ...

7.1CVSS6.7AI score0.0003EPSS

CVE•added 2022/02/20 6:15 p.m.•97 views

CVE-2021-45081

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.

5.9CVSS5.6AI score0.00217EPSS