Vulmon
cobbler project cobbler vulnerabilities and exploits
9.8
CVSSv3
CVE-2017-1000469
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.
Cobbler Project Cobbler
9.8
CVSSv3
CVE-2021-40323
Cobbler prior to 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Cobbler Project Cobbler
7.5
CVSSv3
CVE-2021-40324
Cobbler prior to 3.3.0 allows arbitrary file write operations via upload_log_data.
Cobbler Project Cobbler
7.5
CVSSv3
CVE-2021-40325
Cobbler prior to 3.3.0 allows authorization bypass for modification of settings.
Cobbler Project Cobbler
NA
CVE-2011-4953
The set_mgmt_parameters function in item.py in cobbler prior to 2.2.2 allows context-dependent malicious users to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet.
Cobbler Project Cobbler
5.9
CVSSv3
CVE-2021-45081
An issue exists in Cobbler up to and including 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.
Cobbler Project Cobbler
6.1
CVSSv3
CVE-2016-9605
A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation.
Cobbler Project Cobbler 2.6.11-1
9.1
CVSSv3
CVE-2022-0860
Improper Authorization in GitHub repository cobbler/cobbler before 3.3.2.
Cobbler Project Cobbler
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
7.1
CVSSv3
CVE-2021-45083
An issue exists in Cobbler prior to 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users ...
Cobbler Project Cobbler
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
7.8
CVSSv3
CVE-2021-45082
An issue exists in Cobbler prior to 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)
Cobbler Project Cobbler
Suse Linux Enterprise Server 11
Opensuse Factory -
Suse Linux Enterprise Server 12
Suse Linux Enterprise Server 15
Opensuse Backports Sle-15
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36