PT-2018-10192 · Cobbler+2

Cedric Buissart · Published 2018-08-09 · Updated 2024-06-15 · CVE-2018-10931

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

cobbler versions 2.6.x

Description

A flaw was discovered in cobbler where its CobblerXMLRPCInterface class exposes all functions over XMLRPC, allowing a remote, unauthenticated attacker to gain high privileges within cobbler and upload files to arbitrary locations in the context of the daemon.

Recommendations

For cobbler versions 2.6.x, consider restricting access to the CobblerXMLRPCInterface class until a patch is available. As a temporary workaround, limit the exposure of XMLRPC functions to prevent unauthorized access.

Fix


Weakness Enumeration

Related identifiers

CVE-2018-10931
GHSA-8787-63PX-3M23
OPENSUSE-SU-2018_2590-1
OPENSUSE-SU-2021:0046-1
OPENSUSE-SU-2021:0058-1
OPENSUSE-SU-2021_0046-1
OPENSUSE-SU-2024:10690-1
RHSA-2018:2372
SUSE-SU-2018:2550-1
SUSE-SU-2018:2551-1
SUSE-SU-2018:2561-1
SUSE-SU-2018:2608-1
SUSE-SU-2018_2550-1
USN-6475-1

Affected products

Suse
Ubuntu
Cobbler