Search CVE reports
1 – 10 of 19 results
CVE-2022-0860
Low priority
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.
1 affected package
cobbler
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cobbler | — | — | — | — | Fixed |
CVE-2021-45083
Medium priority
An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The...
1 affected package
cobbler
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cobbler | — | — | — | — | Fixed |
CVE-2021-45081
Medium priority
An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.
1 affected package
cobbler
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cobbler | — | — | — | — | Ignored |
CVE-2021-45082
Low priority
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with...
1 affected package
cobbler
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cobbler | — | — | — | — | Fixed |
CVE-2021-40325
High priority
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
1 affected package
cobbler
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cobbler | — | Not in release | Not in release | Not in release | Fixed |
CVE-2021-40324
High priority
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
1 affected package
cobbler
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cobbler | — | Not in release | Not in release | Not in release | Fixed |
CVE-2021-40323
High priority
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
1 affected package
cobbler
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cobbler | — | Not in release | Not in release | Not in release | Fixed |
CVE-2012-2092
Medium priority
Some fixes available 3 of 4
A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature.
2 affected packages
cobbler, maas-provision
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cobbler | — | — | — | — | — |
maas-provision | — | — | — | — | — |
CVE-2011-4954
Medium priority
Some fixes available 3 of 5
cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE
1 affected package
cobbler
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cobbler | — | — | — | — | — |
CVE-2011-4952
Low priority
Some fixes available 3 of 5
cobbler: Web interface lacks CSRF protection when using Django framework
1 affected package
cobbler
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cobbler | — | — | — | — | — |