
    5 vulnerabilities by cobblerd

    CVE-2011-4954 (GCVE-0-2011-4954)

    Vulnerability from cvelistv5 – Published: 2019-11-19 15:41 – Updated: 2024-08-07 00:23
    Summary
    cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE
    Severity
    No CVSS data available.
    CWE
    • Local privilege escalation due to the use of an insecure (world-writable) location for the PYTHON_EGG_CACHE cache
    Assigner
    Impacted products
    Vendor Product Version
    cobbler cobbler Affected: 2011-09-28

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:23:38.937Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2011-4954"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4954"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2011-4954"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/12/10"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2011-4954"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cobbler",
              "vendor": "cobbler",
              "versions": [
                {
                  "status": "affected",
                  "version": "2011-09-28"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Local privilege escalation due use of insecure (world writable) location for PYTHON_EGG_CACHE cache",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-19T15:41:37.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-4954"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4954"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2011-4954"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/12/10"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2011-4954"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-4954",
        "datePublished": "2019-11-19T15:41:37.000Z",
        "dateReserved": "2011-12-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:23:38.937Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4952 (GCVE-0-2011-4952)

    Vulnerability from cvelistv5 – Published: 2019-11-19 15:29 – Updated: 2024-08-07 00:23
    Summary
    cobbler: Web interface lacks CSRF protection when using Django framework
    Severity
    No CVSS data available.
    CWE
    • UNKNOWN_TYPE
    Assigner
    Impacted products
    Vendor Product Version
    cobbler cobbler Affected: 2011-09-28

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:23:39.818Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2011-4952"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4952"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2011-4952"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/12/10"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cobbler",
              "vendor": "cobbler",
              "versions": [
                {
                  "status": "affected",
                  "version": "2011-09-28"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "cobbler: Web interface lacks CSRF protection when using Django framework"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "UNKNOWN_TYPE",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-19T15:29:47.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-4952"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4952"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2011-4952"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/12/10"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-4952",
        "datePublished": "2019-11-19T15:29:47.000Z",
        "dateReserved": "2011-12-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:23:39.818Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1000225 (GCVE-0-2018-1000225)

    Vulnerability from cvelistv5 – Published: 2018-08-20 20:00 – Updated: 2024-08-05 12:40
    Summary
    Cobbler (verified as present in versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable) contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in privilege escalation to admin. This attack appears to be exploitable via "network connectivity", by sending an unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-08-02 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:40:46.680Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/cobbler/cobbler/issues/1917"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-02T00:00:00.000Z",
          "datePublic": "2018-08-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via \"network connectivity\". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-01T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/cobbler/cobbler/issues/1917"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2018-08-02T16:41:53.515834",
              "DATE_REQUESTED": "2018-08-02T16:09:44",
              "ID": "CVE-2018-1000225",
              "REQUESTER": "cvereports@movermeyer.com",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via \"network connectivity\". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/cobbler/cobbler/issues/1917",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/cobbler/cobbler/issues/1917"
                },
                {
                  "name": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/",
                  "refsource": "MISC",
                  "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-1000225",
        "datePublished": "2018-08-20T20:00:00.000Z",
        "dateReserved": "2018-08-02T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:40:46.680Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1000226 (GCVE-0-2018-1000226)

    Vulnerability from cvelistv5 – Published: 2018-08-20 20:00 – Updated: 2024-08-05 12:40
    Summary
    Cobbler (verified as present in versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable) contains an Incorrect Access Control vulnerability in the XMLRPC API (/cobbler_api) that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting. This attack appears to be exploitable via "network connectivity", by taking advantage of improper validation of security tokens in API endpoints. Note that this is a different issue than CVE-2018-10931.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-08-02 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:40:46.918Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/cobbler/cobbler/issues/1916"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-02T00:00:00.000Z",
          "datePublic": "2018-08-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-01T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/cobbler/cobbler/issues/1916"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2018-08-02T16:41:53.516803",
              "DATE_REQUESTED": "2018-08-02T16:12:25",
              "ID": "CVE-2018-1000226",
              "REQUESTER": "cvereports@movermeyer.com",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/",
                  "refsource": "MISC",
                  "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"
                },
                {
                  "name": "https://github.com/cobbler/cobbler/issues/1916",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/cobbler/cobbler/issues/1916"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-1000226",
        "datePublished": "2018-08-20T20:00:00.000Z",
        "dateReserved": "2018-08-02T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:40:46.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3225 (GCVE-0-2014-3225)

    Vulnerability from cvelistv5 – Published: 2014-05-14 00:00 – Updated: 2024-08-06 10:35
    Summary
    Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-05-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:35:57.073Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20140508 Re: CVE Request - Local File inclusion in Cobbler",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q2/274"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/cobbler/cobbler/issues/939"
              },
              {
                "name": "106759",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/106759"
              },
              {
                "name": "67277",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/67277"
              },
              {
                "name": "[oss-security] 20140508 CVE Request - Local File inclusion in Cobbler",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q2/273"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.youtube.com/watch?v=vuBaoQUFEYQ\u0026feature=youtu.be"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html"
              },
              {
                "name": "20140513 FD - Cobbler Arbitrary File Read CVE-2014-3225",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/532094/100/0/threaded"
              },
              {
                "name": "33252",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/33252"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-05-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20140508 Re: CVE Request - Local File inclusion in Cobbler",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q2/274"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/cobbler/cobbler/issues/939"
            },
            {
              "name": "106759",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/106759"
            },
            {
              "name": "67277",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/67277"
            },
            {
              "name": "[oss-security] 20140508 CVE Request - Local File inclusion in Cobbler",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q2/273"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.youtube.com/watch?v=vuBaoQUFEYQ\u0026feature=youtu.be"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html"
            },
            {
              "name": "20140513 FD - Cobbler Arbitrary File Read CVE-2014-3225",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/532094/100/0/threaded"
            },
            {
              "name": "33252",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/33252"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-3225",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20140508 Re: CVE Request - Local File inclusion in Cobbler",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q2/274"
                },
                {
                  "name": "https://github.com/cobbler/cobbler/issues/939",
                  "refsource": "MISC",
                  "url": "https://github.com/cobbler/cobbler/issues/939"
                },
                {
                  "name": "106759",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/106759"
                },
                {
                  "name": "67277",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/67277"
                },
                {
                  "name": "[oss-security] 20140508 CVE Request - Local File inclusion in Cobbler",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q2/273"
                },
                {
                  "name": "https://www.youtube.com/watch?v=vuBaoQUFEYQ\u0026feature=youtu.be",
                  "refsource": "MISC",
                  "url": "https://www.youtube.com/watch?v=vuBaoQUFEYQ\u0026feature=youtu.be"
                },
                {
                  "name": "http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html"
                },
                {
                  "name": "20140513 FD - Cobbler Arbitrary File Read CVE-2014-3225",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/532094/100/0/threaded"
                },
                {
                  "name": "33252",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/33252"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-3225",
        "datePublished": "2014-05-14T00:00:00.000Z",
        "dateReserved": "2014-05-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:35:57.073Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }