Skip to main content

Cobbler

9 CVEs product

Monthly

CVE-2022-0860 PyPI CRITICAL POC PATCH Act Now

Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Cobbler Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
2.3%
CVE-2021-40325 PyPI HIGH PATCH This Week

Cobbler before 3.3.0 allows authorization bypass for modification of settings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Cobbler
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-40324 PyPI HIGH PATCH This Week

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Cobbler
NVD GitHub
CVSS 3.1
7.5
EPSS
68.6%
CVE-2021-40323 PyPI CRITICAL POC PATCH THREAT Act Now

Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Cobbler
NVD GitHub
CVSS 3.1
9.8
EPSS
88.5%
CVE-2018-1000226 PyPI CRITICAL POC PATCH THREAT Act Now

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cobbler
NVD GitHub
CVSS 3.0
9.8
EPSS
12.5%
CVE-2018-1000225 PyPI MEDIUM This Month

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation XSS Cobbler
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-10931 PyPI CRITICAL PATCH Act Now

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cobbler Satellite
NVD
CVSS 3.0
9.8
EPSS
67.9%
CVE-2014-3225 PyPI MEDIUM POC PATCH This Month

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Cobbler
NVD Exploit-DB GitHub
CVSS 2.0
4.0
EPSS
6.1%
CVE-2012-2395 PyPI HIGH POC PATCH This Week

Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Cobbler
NVD GitHub VulDB
CVSS 2.0
7.5
EPSS
0.6%
EPSS 2% CVSS 9.1
CRITICAL POC PATCH Act Now

Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Cobbler Fedora
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Cobbler before 3.3.0 allows authorization bypass for modification of settings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Cobbler
NVD GitHub
EPSS 69% CVSS 7.5
HIGH PATCH This Week

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Cobbler
NVD GitHub
EPSS 88% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Cobbler
NVD GitHub
EPSS 12% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cobbler
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation XSS Cobbler
NVD GitHub
EPSS 68% CVSS 9.8
CRITICAL PATCH Act Now

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cobbler Satellite
NVD
EPSS 6% CVSS 4.0
MEDIUM POC PATCH This Month

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Cobbler
NVD Exploit-DB GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Cobbler
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy