Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-6475-1
HistoryNov 13, 2023 - 12:00 a.m.

Cobbler vulnerabilities

2023-11-1300:00:00
ubuntu.com
19
ubuntu 16.04 esm
path traversal
command injection
high privileges
log poisoning
credential vulnerabilities

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.031 Low

EPSS

Percentile

90.9%

JSON

Releases

  • Ubuntu 16.04 ESM

Packages

  • cobbler - Cobbler is a versatile Linux deployment server

Details

It was discovered that Cobbler did not properly handle user input, which
could result in an absolute path traversal. An attacker could possibly
use this issue to read arbitrary files. (CVE-2014-3225)

It was discovered that Cobbler did not properly handle user input, which
could result in command injection. An attacker could possibly use this
issue to execute arbitrary code with high privileges.
(CVE-2017-1000469, CVE-2021-45082)

It was discovered that Cobbler did not properly hide private functions in
a class. A remote attacker could possibly use this issue to gain high
privileges and upload files to an arbitrary location.
(CVE-2018-10931, CVE-2018-1000225, CVE-2018-1000226)

Nicolas Chatelain discovered that Cobbler did not properly handle user
input, which could result in log poisoning. A remote attacker could
possibly use this issue to bypass authorization, write in an arbitrary
file, or execute arbitrary code.
(CVE-2021-40323, CVE-2021-40324, CVE-2021-40325)

It was discovered that Cobbler did not properly handle file permissions
during package install or update operations. An attacker could possibly
use this issue to perform a privilege escalation attack. (CVE-2021-45083)

It was discovered that Cobbler did not properly process credentials for
expired accounts. An attacker could possibly use this issue to login to
the platform with an expired account or password. (CVE-2022-0860)

OSVersionArchitecturePackageVersionFilename
Ubuntu16.04noarchcobbler< 2.4.1-0ubuntu2+esm1UNKNOWN
Ubuntu16.04noarchcobbler< 2.4.1-0ubuntu2UNKNOWN
Ubuntu16.04noarchcobbler-common< 2.4.1-0ubuntu2UNKNOWN
Ubuntu16.04noarchcobbler-web< 2.4.1-0ubuntu2UNKNOWN
Ubuntu16.04noarchkoan< 2.4.1-0ubuntu2UNKNOWN
Ubuntu16.04noarchpython-cobbler< 2.4.1-0ubuntu2UNKNOWN
Ubuntu16.04noarchpython-koan< 2.4.1-0ubuntu2UNKNOWN
Ubuntu16.04noarchcobbler-common< 2.4.1-0ubuntu2+esm1UNKNOWN
Ubuntu16.04noarchcobbler-web< 2.4.1-0ubuntu2+esm1UNKNOWN
Ubuntu16.04noarchkoan< 2.4.1-0ubuntu2+esm1UNKNOWN
Rows per page:
1-10 of 121

Related

nessus 18
osv 26
openvas 30
suse 5
fedora 18
cve 11
prion 11
nuclei 2
ubuntucve 11
github 11
gitlab 11
redhatcve 10
cnvd 6
veracode 4
redhat 1
securityvulns 3
packetstorm 1
huntr 1
nessus
nessus
Ubuntu 16.04 ESM : Cobbler vulnerabilities (USN-6475-1)
2023-11-13 00:00:00
openSUSE Security Update : cobbler (openSUSE-2018-952)
2018-09-04 00:00:00
openSUSE Security Update : cobbler (openSUSE-2021-46)
2021-01-25 00:00:00
osv
osv
cobbler vulnerabilities
2023-11-13 15:04:17
Cobbler Improper Validation of Security Tokens
2022-05-13 01:48:35
Cobbler vulnerable to arbitrary code execution
2022-05-14 03:49:57
openvas
openvas
Ubuntu: Security Advisory (USN-6475-1)
2023-11-14 00:00:00
Cobbler < 3.3.0 Multiple Vulnerabilities
2022-02-23 00:00:00
Fedora: Security Advisory for cobbler (FEDORA-2021-5f1e30aa56)
2021-10-03 00:00:00
suse
suse
Security update for cobbler (important)
2022-03-01 00:00:00
Security update for cobbler (important)
2018-09-03 15:07:54
Security update for cobbler (moderate)
2021-01-11 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: cobbler-3.2.2-2.fc35
2021-09-29 00:21:55
[SECURITY] Fedora 33 Update: cobbler-3.2.2-2.fc33
2021-10-02 01:10:24
[SECURITY] Fedora 34 Update: cobbler-3.2.2-2.fc34
2021-10-02 01:28:42
cve
cve
CVE-2018-1000226
2018-08-20 20:29:00
CVE-2021-45082
2022-02-19 00:15:00
CVE-2021-40325
2021-10-04 06:15:00
prion
prion
Design/Logic Flaw
2018-08-20 20:29:00
Design/Logic Flaw
2021-10-04 06:15:00
Command injection
2018-01-03 20:29:00
nuclei
nuclei
Cobbler - Authentication Bypass
2022-02-14 17:20:32
Cobbler <3.3.0 - Remote Code Execution
2022-02-14 17:20:32
ubuntucve
ubuntucve
CVE-2018-1000226
2018-08-20 00:00:00
CVE-2017-1000469
2018-01-03 00:00:00
CVE-2021-45083
2022-02-20 00:00:00
github
github
Cobbler Improper Validation of Security Tokens
2022-05-13 01:48:35
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
2021-10-05 17:53:29
Cobbler vulnerable to arbitrary code execution
2022-05-14 03:49:57
gitlab
gitlab
Incorrect Permission Assignment for Critical Resource
2022-05-13 00:00:00
Improper Neutralization of Special Elements used in a Command ('Command Injection')
2022-02-20 00:00:00
Improper Input Validation
2022-05-14 00:00:00
redhatcve
redhatcve
CVE-2018-1000225
2018-08-22 07:49:16
CVE-2017-1000469
2018-01-09 03:19:42
CVE-2021-40323
2021-09-22 14:52:01
cnvd
cnvd
Cobbler authorization issue vulnerability
2021-10-08 00:00:00
Cobbler has an unspecified vulnerability (CNVD-2022-18325)
2022-02-22 00:00:00
Cobbler Command Injection Vulnerability (CNVD-2022-18324)
2022-02-22 00:00:00
veracode
veracode
Information Disclosure
2022-02-21 05:46:45
Privilege Escalation
2022-02-21 14:32:23
Arbitrary File Upload
2019-01-15 09:24:32
redhat
redhat
(RHSA-2018:2372) Critical: cobbler security update
2018-08-09 15:32:57
securityvulns
securityvulns
FD - Cobbler Arbitrary File Read CVE-2014-3225
2014-05-15 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-05-10 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-05-15 00:00:00
packetstorm
packetstorm
Cobbler 2.6.0 Arbitrary File Read
2014-05-13 00:00:00
huntr
huntr
Improper Authorization
2022-03-02 15:26:14

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.031 Low

EPSS

Percentile

90.9%

JSON
Related for USN-6475-1
nessus18osv26openvas30suse5fedora18cve11prion11nuclei2ubuntucve11github11gitlab11redhatcve10cnvd6veracode4redhat1securityvulns3packetstorm1huntr1