vulnerability
Ubuntu: USN-6475-1 (CVE-2018-1000225): Cobbler vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Aug 20, 2018 | Nov 16, 2023 | Nov 15, 2024 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Aug 20, 2018
Added
Nov 16, 2023
Modified
Nov 15, 2024
Description
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via "network connectivity". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api).
Solution(s)
ubuntu-pro-upgrade-cobblerubuntu-pro-upgrade-cobbler-commonubuntu-pro-upgrade-cobbler-webubuntu-pro-upgrade-koanubuntu-pro-upgrade-python-cobblerubuntu-pro-upgrade-python-koan
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.