GHSA-8787-63px-3m23
Suggest an improvement- Source
- https://github.com/advisories/GHSA-8787-63px-3m23
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8787-63px-3m23/GHSA-8787-63px-3m23.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-8787-63px-3m23
- Aliases
- Published
- 2022-05-13T01:54:14Z
- Modified
- 2023-11-01T04:48:46.123603Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Cobbler has Exposed Dangerous Method or Function
- Details
-
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-10931
- https://github.com/cobbler/cobbler/issues/1916
- https://github.com/cobbler/cobbler/pull/1921
- https://github.com/cobbler/cobbler/commit/1b91a3d3ac87c31d9dac2307513feb2aa49620a6
- https://access.redhat.com/errata/RHSA-2018:2372
- https://access.redhat.com/security/cve/CVE-2018-10931
- https://bugzilla.redhat.com/show_bug.cgi?id=1613861
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931
- https://github.com/cobbler/cobbler
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5Q4ACIVZ5D4KSUDLGRTOKGGB4U42SD
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMWK5KCCZXOGOYNR2H6BWDSABTQ5NYJA
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5Q4ACIVZ5D4KSUDLGRTOKGGB4U42SD
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMWK5KCCZXOGOYNR2H6BWDSABTQ5NYJA
- https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api
Affected packages
PyPI / cobbler
Package
- Name
- cobbler
- View open source insights on deps.dev
- Purl
- pkg:pypi/cobbler