GSA_kwCzR0hTQS14Yzd3LWp2aHgtcDZxOc4AAWID

Moderate EPSS: 0.06296% (0.905 Percentile) EPSS:

Permalink JSON

Cobbler Path Traversal vulnerability

Affected Packages	Affected Versions	Fixed Versions
pypi:cobbler PURL: `pkg:pypi/cobbler`	>= 2.4.0, < 2.4.7, >= 2.6.0, < 2.6.4	2.4.7, 2.6.4
0 Dependent packages 11 Dependent repositories 643 Downloads last month Affected Version Ranges All affected versions All unaffected versions 3.1.2, 3.2.1, 3.2.2, 3.2.3, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.

References:

https://nvd.nist.gov/vuln/detail/CVE-2014-3225
https://github.com/cobbler/cobbler/issues/939
https://www.youtube.com/watch?v=vuBaoQUFEYQ&feature=youtu.be
http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html
http://seclists.org/oss-sec/2014/q2/273
http://seclists.org/oss-sec/2014/q2/274
http://www.exploit-db.com/exploits/33252
http://www.osvdb.org/106759
http://www.securityfocus.com/archive/1/532094/100/0/threaded
http://www.securityfocus.com/bid/67277
https://github.com/cobbler/cobbler/commit/8232c0e88ec7382d3f8d3bf48c81a4a91ac4325d
https://github.com/cobbler/cobbler/commit/f757e3096fcd32397609ca38efb01f19d16dd634
https://github.com/advisories/GHSA-xc7w-jvhx-p6q9

Identifiers

GHSA-xc7w-jvhx-p6q9

CVE-2014-3225

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.06296

EPSS Percentile: 0.905

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/cobbler/cobbler

Date and time

Published

over 3 years ago

Updated

over 1 year ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories