Latest Cobbler Project Cobbler Vulnerabilities

Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.
Cobbler Project Cobbler<3.3.2
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Fedoraproject Fedora=36
An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.
Cobbler Project Cobbler<=3.3.1
An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privile...
Cobbler Project Cobbler<3.3.1
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Fedoraproject Fedora=36
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring....
Cobbler Project Cobbler<3.3.1
openSUSE Factory
Opensuse Backports=sle-15-sp3
Opensuse Backports=sle-15-sp4
SUSE Linux Enterprise Server=11-sp3
SUSE Linux Enterprise Server=12
and 5 more
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
pip/cobbler<3.3.0
Cobbler Project Cobbler<=3.3.0
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Cobbler Project Cobbler<=3.3.0
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
Cobbler Project Cobbler<=3.3.0
A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating ...
Cobbler Project Cobbler=2.6.11-1
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, ...
Cobbler Project Cobbler>=2.6.0<=2.6.11
Redhat Satellite=5.6
Redhat Satellite=5.7
Redhat Satellite=5.8
