ID CVE-2018-10931
Summary It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler and upload files to an arbitrary location in the context of the daemon.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
nessus via4
NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2018-2372.NASL
description An update for cobbler is now available for Red Hat Satellite 5.6, Red Hat Satellite 5.7, and Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Cobbler is a network install server. Cobbler supports PXE, virtualized installs, and re-installing existing Linux machines. Cobbler has an XMLRPC API for integration with other applications. Security Fix(es): * cobbler: CobblerXMLRPCInterface exports all its methods over XMLRPC (CVE-2018-10931) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Cedric Buissart (Red Hat).
last seen 2018-08-10
modified 2018-08-10
plugin id 111623
published 2018-08-10
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=111623
title RHEL 6 : cobbler (RHSA-2018:2372)
redhat via4
advisories
rhsa
id RHSA-2018:2372
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931
Last major update 09-08-2018 - 16:29
Published 09-08-2018 - 16:29
Last modified 10-08-2018 - 21:29