Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14Yzd3LWp2aHgtcDZxOc4AAWID
Cobbler Path Traversal vulnerability
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
Permalink: https://github.com/advisories/GHSA-xc7w-jvhx-p6q9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Yzd3LWp2aHgtcDZxOc4AAWID
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 7 months ago
Identifiers: GHSA-xc7w-jvhx-p6q9, CVE-2014-3225
References:
- https://nvd.nist.gov/vuln/detail/CVE-2014-3225
- https://github.com/cobbler/cobbler/issues/939
- https://www.youtube.com/watch?v=vuBaoQUFEYQ&feature=youtu.be
- http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html
- http://seclists.org/oss-sec/2014/q2/273
- http://seclists.org/oss-sec/2014/q2/274
- http://www.exploit-db.com/exploits/33252
- http://www.osvdb.org/106759
- http://www.securityfocus.com/archive/1/532094/100/0/threaded
- http://www.securityfocus.com/bid/67277
- https://github.com/cobbler/cobbler/commit/8232c0e88ec7382d3f8d3bf48c81a4a91ac4325d
- https://github.com/cobbler/cobbler/commit/f757e3096fcd32397609ca38efb01f19d16dd634
- https://github.com/advisories/GHSA-xc7w-jvhx-p6q9
Blast Radius: 0.0
Affected Packages
pypi:cobbler
Dependent packages: 0
Dependent repositories: 11
Downloads: 1,176 last month
Affected Version Ranges: >= 2.4.0, < 2.4.7, >= 2.6.0, < 2.6.4
Fixed in: 2.4.7, 2.6.4
All affected versions:
All unaffected versions: 3.1.2, 3.2.1, 3.2.2, 3.2.3, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7