Vulnerabilities > Cobblerd
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-19 | CVE-2011-4954 | Improper Privilege Management vulnerability in Cobblerd Cobbler cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE | 7.2 |
2019-11-19 | CVE-2011-4952 | Cross-Site Request Forgery (CSRF) vulnerability in Cobblerd Cobbler cobbler: Web interface lacks CSRF protection when using Django framework | 6.8 |
2018-08-20 | CVE-2018-1000226 | Incorrect Permission Assignment for Critical Resource vulnerability in Cobblerd Cobbler Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. | 7.5 |
2018-08-20 | CVE-2018-1000225 | Cross-site Scripting vulnerability in Cobblerd Cobbler Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. | 4.3 |
2014-05-14 | CVE-2014-3225 | Path Traversal vulnerability in Cobblerd Cobbler Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile. | 4.0 |