Opoplawski

**Name of the Vulnerable Software and Affected Versions** Cobbler versions 3.0.0 through 3.2.2 Cobbler versions 3.3.0 through 3.3.6 **Description** The issue is related to an improper authentication vulnerability in Cobbler, a Linux installation server. This vulnerability allows anyone with network access to a Cobbler server to gain full control of the server. The `utils.get shared secret()` function always returns `-1`, which enables unauthorized access to the Cobbler XML-RPC as user `` with password `-1`. This gives an attacker the ability to make any changes to the server. **Recommendations** For Cobbler versions 3.0.0 through 3.2.2, update to version 3.2.3 or later. For Cobbler versions 3.3.0 through 3.3.6, update to version 3.3.7 or later. As a temporary workaround, consider restricting access to the Cobbler XML-RPC endpoint to minimize the risk of exploitation.