
CVE-2018-10931

Published: 09/08/2018 Updated: 12/02/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler and upload files to an arbitrary location in the context of the daemon.

Vulnerable Product

cobbler project cobbler

redhat satellite 5.7

redhat satellite 5.6

redhat satellite 5.8

Vendor Advisories

Synopsis: Critical: cobbler security update. Type/Severity: Security Advisory: Critical. Topic: An update for cobbler is now available for Red Hat Satellite 5.6, Red Hat Satellite 5.7, and Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulne ...
An API-exposure flaw was found in cobbler, where it exported CobblerXMLRPCInterface private functions over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain important privileges within cobbler, as well as upload files to an arbitrary location in the daemon context ...