GHSA-xc7w-jvhx-p6q9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-xc7w-jvhx-p6q9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xc7w-jvhx-p6q9/GHSA-xc7w-jvhx-p6q9.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-xc7w-jvhx-p6q9
- Aliases
-
- CVE-2014-3225
- Published
- 2022-05-14T02:52:42Z
- Modified
- 2024-04-10T19:12:55.530748Z
- Summary
- Cobbler Path Traversal vulnerability
- Details
-
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
- Database specific
{ "nvd_published_at": "2014-05-14T00:55:00Z", "cwe_ids": [ "CWE-22" ], "severity": "MODERATE", "github_reviewed_at": "2024-04-08T18:58:54Z", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-3225
- https://github.com/cobbler/cobbler/issues/939
- https://github.com/cobbler/cobbler/commit/8232c0e88ec7382d3f8d3bf48c81a4a91ac4325d
- https://github.com/cobbler/cobbler/commit/f757e3096fcd32397609ca38efb01f19d16dd634
- https://github.com/cobbler/cobbler
- https://www.youtube.com/watch?v=vuBaoQUFEYQ&feature=youtu.be
- http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html
- http://seclists.org/oss-sec/2014/q2/273
- http://seclists.org/oss-sec/2014/q2/274
- http://www.exploit-db.com/exploits/33252
- http://www.osvdb.org/106759
- http://www.securityfocus.com/archive/1/532094/100/0/threaded
- http://www.securityfocus.com/bid/67277
Affected packages
PyPI / cobbler
Package
- Name
- cobbler
- View open source insights on deps.dev
- Purl
- pkg:pypi/cobbler
PyPI / cobbler
Package
- Name
- cobbler
- View open source insights on deps.dev
- Purl
- pkg:pypi/cobbler