Vulnerabilities > Cobblerd

DATE CVE VULNERABILITY TITLE RISK
2019-11-19 CVE-2011-4954 Improper Privilege Management vulnerability in Cobblerd Cobbler
Cobbler allows local privilege escalation via the use of an insecure location for PYTHON_EGG_CACHE.
local
low complexity
cobblerd CWE-269
7.2
2019-11-19 CVE-2011-4952 Cross-Site Request Forgery (CSRF) vulnerability in Cobblerd Cobbler
Cobbler's web interface lacks CSRF protection when using the Django framework.
network
cobblerd CWE-352
6.8
2018-08-20 CVE-2018-1000226 Incorrect Permission Assignment for Critical Resource vulnerability in Cobblerd Cobbler
Cobbler, verified as vulnerable in versions 2.6.11+ (code inspection suggests at least 2.0.0+ or possibly even older versions may also be vulnerable), contains an Incorrect Access Control vulnerability in the XMLRPC API (/cobbler_api) that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting.
network
low complexity
cobblerd CWE-732
7.5
2018-08-20 CVE-2018-1000225 Cross-site Scripting vulnerability in Cobblerd Cobbler
Cobbler, verified as vulnerable in versions 2.6.11+ (code inspection suggests at least 2.0.0+ or possibly even older versions may also be vulnerable), contains a Cross-Site Scripting (XSS) vulnerability in cobbler-web that can result in privilege escalation to admin.
network
cobblerd CWE-79
4.3
2014-05-14 CVE-2014-3225 Path Traversal vulnerability in Cobblerd Cobbler
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
network
low complexity
cobblerd CWE-22
4.0