cobblerd CVE 脆弱性と CVE 一覧（5）

製品（CPE）: — CVE 件数: 5

cobblerd 脆弱性概要

cobblerd 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

過去の問題は主に vendor risk cross-site scripting and vendor risk csrf などに関し、一部はファイル上書きを招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移（直近24か月）

CVE	概要	ソース	CVSS 最大値	EPSS（%）	公開	更新
CVE-2011-4954	cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE	[email protected]	7.8	0.13%	2019-11-19	2024-11-21
CVE-2011-4952	cobbler: Web interface lacks CSRF protection when using Django framework	[email protected]	8.8	0.27%	2019-11-19	2024-11-21
CVE-2018-1000226	Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via "network connectivity". Taking advantage of improper validation of security tokens in API endpoints. Please note thi	[email protected]	9.8	60.01%	2018-08-20	2024-11-21
CVE-2018-1000225	Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via "network connectivity". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api).	[email protected]	6.1	0.27%	2018-08-20	2024-11-21
CVE-2014-3225	Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.	[email protected]	4.0	6.11%	2014-05-14	2026-05-06

cvelogic Threat Intelligence