Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
AnalysisAI
Cobbler before 3.3.0 allows authorization bypass for modification of settings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
Cobbler before 3.3.0 allows authorization bypass for modification of settings. Affected products include: Cobbler Project Cobbler. Version information: before 3.3.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the lo
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibl
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. Rated critical severity (CVSS 9.1), this vul
Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary comm
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. Rated critical
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated us
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. Rated high severity (CVSS 7.5), this vu
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibl
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today