Cobbler Project Cobbler 0.6.0

CPE Details

2021-10-13
12h07 +00:00
2021-10-13
12h49 +00:00

CPE Name: cpe:2.3:a:cobbler_project:cobbler:0.6.0:*:*:*:*:*:*:*

Information

Vendor: cobbler_project

Product: cobbler

Version: 0.6.0

Related CVE

| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2022-0860 | 2022-03-11 11h50 +00:00 | Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. | 9.1 | Critical |
| CVE-2021-45083 | 2022-02-20 16h56 +00:00 | An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password. | 7.1 | High |
| CVE-2021-45081 | 2022-02-20 16h52 +00:00 | An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS. | 5.9 | Medium |
| CVE-2021-45082 | 2022-02-18 22h23 +00:00 | An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.) | 7.8 | High |
| CVE-2021-40325 | 2021-10-04 03h43 +00:00 | Cobbler before 3.3.0 allows authorization bypass for modification of settings. | 7.5 | High |
| CVE-2021-40324 | 2021-10-04 03h39 +00:00 | Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. | 7.5 | High |
| CVE-2021-40323 | 2021-10-04 03h37 +00:00 | Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection. | 9.8 | Critical |
| CVE-2017-1000469 | 2018-01-03 20h00 +00:00 | Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user. | 9.8 | Critical |
| CVE-2011-4953 | 2014-10-27 00h00 +00:00 | The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet. | 6.8 | |