Cobbler Security Vulnerabilities and Issues — Cobbler CVE List

Lucene search

CobblerdCobbler

5 matches found

CVE•added 2018/08/20 8:29 p.m.•170 views

CVE-2018-1000226

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation o...

9.8CVSS9.5AI score0.72823EPSS

CVE•added 2018/08/20 8:29 p.m.•138 views

CVE-2018-1000225

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to...

6.1CVSS7.5AI score0.0035EPSS

CVE•added 2014/05/14 12:55 a.m.•54 views

CVE-2014-3225

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.

4CVSS8.7AI score0.06296EPSS

CVE•added 2019/11/19 4:15 p.m.•50 views

CVE-2011-4952

cobbler: Web interface lacks CSRF protection when using Django framework

8.8CVSS8.6AI score0.00274EPSS

CVE•added 2019/11/19 4:15 p.m.•38 views

CVE-2011-4954

cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE

7.8CVSS7.8AI score0.00132EPSS