Search criteria
11 vulnerabilities by cobbler_project
CVE-2022-0860 (GCVE-0-2022-0860)
Vulnerability from cvelistv5 – Published: 2022-03-11 12:50 – Updated: 2024-08-02 23:40
VLAI?
Summary
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.
Severity ?
8.2 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cobbler | cobbler/cobbler |
Affected:
unspecified , < 3.3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/c458b868-63df-414e-af10-47e3745caa1d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa"
},
{
"name": "FEDORA-2022-224e71968f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY/"
},
{
"name": "FEDORA-2022-445ec90e7c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG/"
},
{
"name": "FEDORA-2022-ad2b0ad61b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cobbler/cobbler",
"vendor": "cobbler",
"versions": [
{
"lessThan": "3.3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-31T02:06:16",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/c458b868-63df-414e-af10-47e3745caa1d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa"
},
{
"name": "FEDORA-2022-224e71968f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY/"
},
{
"name": "FEDORA-2022-445ec90e7c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG/"
},
{
"name": "FEDORA-2022-ad2b0ad61b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM/"
}
],
"source": {
"advisory": "c458b868-63df-414e-af10-47e3745caa1d",
"discovery": "EXTERNAL"
},
"title": "Improper Authorization in cobbler/cobbler",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0860",
"STATE": "PUBLIC",
"TITLE": "Improper Authorization in cobbler/cobbler"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "cobbler/cobbler",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.2"
}
]
}
}
]
},
"vendor_name": "cobbler"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/c458b868-63df-414e-af10-47e3745caa1d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/c458b868-63df-414e-af10-47e3745caa1d"
},
{
"name": "https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa",
"refsource": "MISC",
"url": "https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa"
},
{
"name": "FEDORA-2022-224e71968f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY/"
},
{
"name": "FEDORA-2022-445ec90e7c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG/"
},
{
"name": "FEDORA-2022-ad2b0ad61b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM/"
}
]
},
"source": {
"advisory": "c458b868-63df-414e-af10-47e3745caa1d",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0860",
"datePublished": "2022-03-11T12:50:10",
"dateReserved": "2022-03-04T00:00:00",
"dateUpdated": "2024-08-02T23:40:04.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45083 (GCVE-0-2021-45083)
Vulnerability from cvelistv5 – Published: 2022-02-20 17:56 – Updated: 2024-08-04 04:32
VLAI?
Summary
An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cobbler/cobbler/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2022/02/18/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1193671"
},
{
"name": "FEDORA-2022-0c6402a6a3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR/"
},
{
"name": "FEDORA-2022-0649006be6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW/"
},
{
"name": "FEDORA-2022-f1510aa454",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it\u0027s trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-26T17:06:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cobbler/cobbler/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2022/02/18/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1193671"
},
{
"name": "FEDORA-2022-0c6402a6a3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR/"
},
{
"name": "FEDORA-2022-0649006be6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW/"
},
{
"name": "FEDORA-2022-f1510aa454",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it\u0027s trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cobbler/cobbler/releases",
"refsource": "MISC",
"url": "https://github.com/cobbler/cobbler/releases"
},
{
"name": "https://www.openwall.com/lists/oss-security/2022/02/18/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2022/02/18/3"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1193671",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1193671"
},
{
"name": "FEDORA-2022-0c6402a6a3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR/"
},
{
"name": "FEDORA-2022-0649006be6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW/"
},
{
"name": "FEDORA-2022-f1510aa454",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45083",
"datePublished": "2022-02-20T17:56:11",
"dateReserved": "2021-12-16T00:00:00",
"dateUpdated": "2024-08-04T04:32:13.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45081 (GCVE-0-2021-45081)
Vulnerability from cvelistv5 – Published: 2022-02-20 17:52 – Updated: 2024-08-04 04:32
VLAI?
Summary
An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cobbler/cobbler/releases"
},
{
"name": "[oss-security] 20220218 Multiple vulnerabilities affecting cobbler",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/18/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1193683"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-01T23:07:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cobbler/cobbler/releases"
},
{
"name": "[oss-security] 20220218 Multiple vulnerabilities affecting cobbler",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/18/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1193683"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cobbler/cobbler/releases",
"refsource": "MISC",
"url": "https://github.com/cobbler/cobbler/releases"
},
{
"name": "[oss-security] 20220218 Multiple vulnerabilities affecting cobbler",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/02/18/3"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1193683",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1193683"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45081",
"datePublished": "2022-02-20T17:52:52",
"dateReserved": "2021-12-16T00:00:00",
"dateUpdated": "2024-08-04T04:32:13.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45082 (GCVE-0-2021-45082)
Vulnerability from cvelistv5 – Published: 2022-02-18 23:23 – Updated: 2024-08-04 04:32
VLAI?
Summary
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cobbler/cobbler/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1193678"
},
{
"name": "FEDORA-2022-0c6402a6a3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR/"
},
{
"name": "FEDORA-2022-0649006be6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW/"
},
{
"name": "FEDORA-2022-f1510aa454",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the \"#from MODULE import\" substring. (Only lines beginning with #import are blocked.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-26T17:06:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cobbler/cobbler/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1193678"
},
{
"name": "FEDORA-2022-0c6402a6a3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR/"
},
{
"name": "FEDORA-2022-0649006be6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW/"
},
{
"name": "FEDORA-2022-f1510aa454",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the \"#from MODULE import\" substring. (Only lines beginning with #import are blocked.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cobbler/cobbler/releases",
"refsource": "MISC",
"url": "https://github.com/cobbler/cobbler/releases"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1193678",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1193678"
},
{
"name": "FEDORA-2022-0c6402a6a3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR/"
},
{
"name": "FEDORA-2022-0649006be6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW/"
},
{
"name": "FEDORA-2022-f1510aa454",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45082",
"datePublished": "2022-02-18T23:23:30",
"dateReserved": "2021-12-16T00:00:00",
"dateUpdated": "2024-08-04T04:32:13.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40325 (GCVE-0-2021-40325)
Vulnerability from cvelistv5 – Published: 2021-10-04 05:43 – Updated: 2024-08-04 02:27
VLAI?
Summary
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cobbler before 3.3.0 allows authorization bypass for modification of settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-04T05:43:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-40325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cobbler before 3.3.0 allows authorization bypass for modification of settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a",
"refsource": "MISC",
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"name": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0",
"refsource": "MISC",
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-40325",
"datePublished": "2021-10-04T05:43:54",
"dateReserved": "2021-08-30T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40324 (GCVE-0-2021-40324)
Vulnerability from cvelistv5 – Published: 2021-10-04 05:39 – Updated: 2024-08-04 02:27
VLAI?
Summary
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-04T05:39:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-40324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a",
"refsource": "MISC",
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"name": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0",
"refsource": "MISC",
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-40324",
"datePublished": "2021-10-04T05:39:51",
"dateReserved": "2021-08-30T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40323 (GCVE-0-2021-40323)
Vulnerability from cvelistv5 – Published: 2021-10-04 05:37 – Updated: 2024-08-04 02:27
VLAI?
Summary
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-04T05:46:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-40323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a",
"refsource": "MISC",
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"name": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0",
"refsource": "MISC",
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-40323",
"datePublished": "2021-10-04T05:37:50",
"dateReserved": "2021-08-30T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9605 (GCVE-0-2016-9605)
Vulnerability from cvelistv5 – Published: 2018-08-22 21:00 – Updated: 2024-08-06 02:59
VLAI?
Summary
A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation.
Severity ?
6.1 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The cobbler Project | cobbler |
Affected:
2.6.11-1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:02.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9605"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cobbler",
"vendor": "The cobbler Project",
"versions": [
{
"status": "affected",
"version": "2.6.11-1"
}
]
}
],
"datePublic": "2017-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-22T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9605"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9605",
"datePublished": "2018-08-22T21:00:00",
"dateReserved": "2016-11-23T00:00:00",
"dateUpdated": "2024-08-06T02:59:02.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10931 (GCVE-0-2018-10931)
Vulnerability from cvelistv5 – Published: 2018-08-09 20:00 – Updated: 2024-08-05 07:54
VLAI?
Summary
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.
Severity ?
9.8 (Critical)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Cobbler Project | cobbler |
Affected:
2.6.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:35.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931"
},
{
"name": "RHSA-2018:2372",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2372"
},
{
"name": "FEDORA-2019-3cacfb34ad",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMWK5KCCZXOGOYNR2H6BWDSABTQ5NYJA/"
},
{
"name": "FEDORA-2019-cd24f60a94",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5Q4ACIVZ5D4KSUDLGRTOKGGB4U42SD/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cobbler",
"vendor": "The Cobbler Project",
"versions": [
{
"status": "affected",
"version": "2.6.x"
}
]
}
],
"datePublic": "2018-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-11T22:06:10",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931"
},
{
"name": "RHSA-2018:2372",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2372"
},
{
"name": "FEDORA-2019-3cacfb34ad",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMWK5KCCZXOGOYNR2H6BWDSABTQ5NYJA/"
},
{
"name": "FEDORA-2019-cd24f60a94",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5Q4ACIVZ5D4KSUDLGRTOKGGB4U42SD/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10931",
"datePublished": "2018-08-09T20:00:00",
"dateReserved": "2018-05-09T00:00:00",
"dateUpdated": "2024-08-05T07:54:35.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000469 (GCVE-0-2017-1000469)
Vulnerability from cvelistv5 – Published: 2018-01-03 20:00 – Updated: 2024-09-17 03:42
VLAI?
Summary
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cobbler/cobbler/issues/1845"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the \"add repo\" component resulting in arbitrary code execution as root user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-03T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cobbler/cobbler/issues/1845"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-12-29",
"ID": "CVE-2017-1000469",
"REQUESTER": "becholey@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the \"add repo\" component resulting in arbitrary code execution as root user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cobbler/cobbler/issues/1845",
"refsource": "CONFIRM",
"url": "https://github.com/cobbler/cobbler/issues/1845"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000469",
"datePublished": "2018-01-03T20:00:00Z",
"dateReserved": "2018-01-03T00:00:00Z",
"dateUpdated": "2024-09-17T03:42:48.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4953 (GCVE-0-2011-4953)
Vulnerability from cvelistv5 – Published: 2014-10-27 01:00 – Updated: 2024-08-07 00:23
VLAI?
Summary
The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:38.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2012:0552",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00019.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/oneiric/+source/cobbler/+bug/858883"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=757062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-27T00:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SU-2012:0552",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00019.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/oneiric/+source/cobbler/+bug/858883"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=757062"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4953",
"datePublished": "2014-10-27T01:00:00",
"dateReserved": "2011-12-23T00:00:00",
"dateUpdated": "2024-08-07T00:23:38.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}