It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler and upload files to an arbitrary location in the context of the daemon.
History
12 Feb 2023, 23:31
Type | Values Removed | Values Added |
---|---|---|
References | | |
Summary | It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon. |
02 Feb 2023, 21:18
Type | Values Removed | Values Added |
---|---|---|
References | | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931 - Mitigation, Issue Tracking, Third Party Advisory | |
Summary | An API-exposure flaw was found in cobbler, where it exported CobblerXMLRPCInterface private functions over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain important privileges within cobbler, as well as upload files to an arbitrary location in the daemon context. |
Information
Published : 2018-08-09 20:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-10931
Mitre link : CVE-2018-10931
CVE.ORG link : CVE-2018-10931
Products Affected
redhat
- satellite
cobbler_project
- cobbler
CWE
CWE-749
Exposed Dangerous Method or Function