Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x up to and including 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cobblerd cobbler 2.6.0 |
||
cobblerd cobbler 2.4.4 |
||
cobblerd cobbler 2.4.1 |
||
cobblerd cobbler 2.4.0 |
||
cobblerd cobbler 2.4.3 |
||
cobblerd cobbler 2.4.2 |