csaf_suse - suse-ru-2018:2639-1

suse-ru-2018:2639-1

Vulnerability from csaf_suse

Published

2018-09-06 11:50

Modified

2018-09-06 11:50

Summary

Recommended update for SUSE Manager 3.1 Release Notes

Notes

Title of the patch

Recommended update for SUSE Manager 3.1 Release Notes

Description of the patch

This update for the SUSE Manager 3.0 Release Notes provides the following additions: - SUSE Manager Server bugs fixed by latest updates + bsc#1057635, bsc#1083295, bsc#1087837, bsc#1089362, bsc#1089526, bsc#1089662, bsc#1093458, bsc#1096264, bsc#1096514, bsc#1097250, bsc#1097697, bsc#1098388, bsc#1098394, bsc#1098815, bsc#1098993, bsc#1099583, bsc#1099638, bsc#1099781, bsc#1100131, bsc#1100731, bsc#1101670, bsc#1102009, bsc#1103044, bsc#1103090, bsc#1103218, bsc#1104025, bsc#1104503, bsc#1105440, bsc#1105442 - SUSE Manager Server security issues fixed by latest updates + CVE-2018-1000225, CVE-2018-1000226, CVE-2018-9159 - SUSE Manager Proxy bugs fixed by latest updates + bsc#1083295, bsc#1094705, bsc#1097697

Patchnames

SUSE-SUSE-Manager-Proxy-3.1-2018-1849,SUSE-SUSE-Manager-Server-3.1-2018-1849

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Recommended update for SUSE Manager 3.1 Release Notes",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the SUSE Manager 3.0 Release Notes provides the following additions:\n\n- SUSE Manager Server bugs fixed by latest updates\n\n  + bsc#1057635, bsc#1083295, bsc#1087837, bsc#1089362, bsc#1089526,\n    bsc#1089662, bsc#1093458, bsc#1096264, bsc#1096514, bsc#1097250,\n    bsc#1097697, bsc#1098388, bsc#1098394, bsc#1098815, bsc#1098993,\n    bsc#1099583, bsc#1099638, bsc#1099781, bsc#1100131, bsc#1100731,\n    bsc#1101670, bsc#1102009, bsc#1103044, bsc#1103090, bsc#1103218,\n    bsc#1104025, bsc#1104503, bsc#1105440, bsc#1105442\n\n- SUSE Manager Server security issues fixed by latest updates\n\n  + CVE-2018-1000225, CVE-2018-1000226, CVE-2018-9159\n\n- SUSE Manager Proxy bugs fixed by latest updates\n\n  + bsc#1083295, bsc#1094705, bsc#1097697\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SUSE-Manager-Proxy-3.1-2018-1849,SUSE-SUSE-Manager-Server-3.1-2018-1849",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2018_2639-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-RU-2018:2639-1",
        "url": "https://www.suse.com/support/update/announcement//suse-ru-20182639-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-RU-2018:2639-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2018-September/009273.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1087837",
        "url": "https://bugzilla.suse.com/1087837"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1105440",
        "url": "https://bugzilla.suse.com/1105440"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1105442",
        "url": "https://bugzilla.suse.com/1105442"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1000225 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1000225/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1000226 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1000226/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-9159 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-9159/"
      }
    ],
    "title": "Recommended update for SUSE Manager 3.1 Release Notes",
    "tracking": {
      "current_release_date": "2018-09-06T11:50:51Z",
      "generator": {
        "date": "2018-09-06T11:50:51Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-RU-2018:2639-1",
      "initial_release_date": "2018-09-06T11:50:51Z",
      "revision_history": [
        {
          "date": "2018-09-06T11:50:51Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "release-notes-susemanager-proxy-3.1.8-0.15.29.1.ppc64le",
                "product": {
                  "name": "release-notes-susemanager-proxy-3.1.8-0.15.29.1.ppc64le",
                  "product_id": "release-notes-susemanager-proxy-3.1.8-0.15.29.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "release-notes-susemanager-3.1.8-5.38.1.ppc64le",
                "product": {
                  "name": "release-notes-susemanager-3.1.8-5.38.1.ppc64le",
                  "product_id": "release-notes-susemanager-3.1.8-5.38.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "release-notes-susemanager-3.1.8-5.38.1.s390x",
                "product": {
                  "name": "release-notes-susemanager-3.1.8-5.38.1.s390x",
                  "product_id": "release-notes-susemanager-3.1.8-5.38.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "release-notes-susemanager-proxy-3.1.8-0.15.29.1.x86_64",
                "product": {
                  "name": "release-notes-susemanager-proxy-3.1.8-0.15.29.1.x86_64",
                  "product_id": "release-notes-susemanager-proxy-3.1.8-0.15.29.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "release-notes-susemanager-3.1.8-5.38.1.x86_64",
                "product": {
                  "name": "release-notes-susemanager-3.1.8-5.38.1.x86_64",
                  "product_id": "release-notes-susemanager-3.1.8-5.38.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Manager Proxy 3.1",
                "product": {
                  "name": "SUSE Manager Proxy 3.1",
                  "product_id": "SUSE Manager Proxy 3.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-proxy:3.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Server 3.1",
                "product": {
                  "name": "SUSE Manager Server 3.1",
                  "product_id": "SUSE Manager Server 3.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-server:3.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-susemanager-proxy-3.1.8-0.15.29.1.ppc64le as component of SUSE Manager Proxy 3.1",
          "product_id": "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.ppc64le"
        },
        "product_reference": "release-notes-susemanager-proxy-3.1.8-0.15.29.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Proxy 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-susemanager-proxy-3.1.8-0.15.29.1.x86_64 as component of SUSE Manager Proxy 3.1",
          "product_id": "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.x86_64"
        },
        "product_reference": "release-notes-susemanager-proxy-3.1.8-0.15.29.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-susemanager-3.1.8-5.38.1.ppc64le as component of SUSE Manager Server 3.1",
          "product_id": "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.ppc64le"
        },
        "product_reference": "release-notes-susemanager-3.1.8-5.38.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-susemanager-3.1.8-5.38.1.s390x as component of SUSE Manager Server 3.1",
          "product_id": "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.s390x"
        },
        "product_reference": "release-notes-susemanager-3.1.8-5.38.1.s390x",
        "relates_to_product_reference": "SUSE Manager Server 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-susemanager-3.1.8-5.38.1.x86_64 as component of SUSE Manager Server 3.1",
          "product_id": "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.x86_64"
        },
        "product_reference": "release-notes-susemanager-3.1.8-5.38.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 3.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-1000225",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1000225"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via \"network connectivity\". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.ppc64le",
          "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.x86_64",
          "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.ppc64le",
          "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.s390x",
          "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1000225",
          "url": "https://www.suse.com/security/cve/CVE-2018-1000225"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104190 for CVE-2018-1000225",
          "url": "https://bugzilla.suse.com/1104190"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104287 for CVE-2018-1000225",
          "url": "https://bugzilla.suse.com/1104287"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105442 for CVE-2018-1000225",
          "url": "https://bugzilla.suse.com/1105442"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.ppc64le",
            "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.x86_64",
            "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.ppc64le",
            "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.s390x",
            "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.ppc64le",
            "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.x86_64",
            "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.ppc64le",
            "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.s390x",
            "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-09-06T11:50:51Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2018-1000225"
    },
    {
      "cve": "CVE-2018-1000226",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1000226"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.ppc64le",
          "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.x86_64",
          "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.ppc64le",
          "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.s390x",
          "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1000226",
          "url": "https://www.suse.com/security/cve/CVE-2018-1000226"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104190 for CVE-2018-1000226",
          "url": "https://bugzilla.suse.com/1104190"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104287 for CVE-2018-1000226",
          "url": "https://bugzilla.suse.com/1104287"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105440 for CVE-2018-1000226",
          "url": "https://bugzilla.suse.com/1105440"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105442 for CVE-2018-1000226",
          "url": "https://bugzilla.suse.com/1105442"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1131852 for CVE-2018-1000226",
          "url": "https://bugzilla.suse.com/1131852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.ppc64le",
            "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.x86_64",
            "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.ppc64le",
            "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.s390x",
            "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.ppc64le",
            "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.x86_64",
            "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.ppc64le",
            "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.s390x",
            "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-09-06T11:50:51Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-1000226"
    },
    {
      "cve": "CVE-2018-9159",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-9159"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.ppc64le",
          "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.x86_64",
          "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.ppc64le",
          "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.s390x",
          "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-9159",
          "url": "https://www.suse.com/security/cve/CVE-2018-9159"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087837 for CVE-2018-9159",
          "url": "https://bugzilla.suse.com/1087837"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1089101 for CVE-2018-9159",
          "url": "https://bugzilla.suse.com/1089101"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.ppc64le",
            "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.x86_64",
            "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.ppc64le",
            "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.s390x",
            "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.ppc64le",
            "SUSE Manager Proxy 3.1:release-notes-susemanager-proxy-3.1.8-0.15.29.1.x86_64",
            "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.ppc64le",
            "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.s390x",
            "SUSE Manager Server 3.1:release-notes-susemanager-3.1.8-5.38.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-09-06T11:50:51Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-9159"
    }
  ]
}

CVE-2018-1000225 (GCVE-0-2018-1000225)

Vulnerability from cvelistv5

Published

2018-08-20 20:00

Modified

2024-08-05 12:40

Severity ?

CWE

Summary

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via "network connectivity". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api).

References

▼	URL	Tags
	https://github.com/cobbler/cobbler/issues/1917	x_refsource_CONFIRM
	https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:40:46.680Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/cobbler/cobbler/issues/1917"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-08-02T00:00:00",
      "datePublic": "2018-08-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via \"network connectivity\". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-01T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/cobbler/cobbler/issues/1917"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2018-08-02T16:41:53.515834",
          "DATE_REQUESTED": "2018-08-02T16:09:44",
          "ID": "CVE-2018-1000225",
          "REQUESTER": "cvereports@movermeyer.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via \"network connectivity\". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/cobbler/cobbler/issues/1917",
              "refsource": "CONFIRM",
              "url": "https://github.com/cobbler/cobbler/issues/1917"
            },
            {
              "name": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/",
              "refsource": "MISC",
              "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000225",
    "datePublished": "2018-08-20T20:00:00",
    "dateReserved": "2018-08-02T00:00:00",
    "dateUpdated": "2024-08-05T12:40:46.680Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1000226 (GCVE-0-2018-1000226)

Vulnerability from cvelistv5

Published

2018-08-20 20:00

Modified

2024-08-05 12:40

Severity ?

CWE

Summary

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via "network connectivity". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.

References

▼	URL	Tags
	https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/	x_refsource_MISC
	https://github.com/cobbler/cobbler/issues/1916	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:40:46.918Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/cobbler/cobbler/issues/1916"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-08-02T00:00:00",
      "datePublic": "2018-08-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-01T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/cobbler/cobbler/issues/1916"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2018-08-02T16:41:53.516803",
          "DATE_REQUESTED": "2018-08-02T16:12:25",
          "ID": "CVE-2018-1000226",
          "REQUESTER": "cvereports@movermeyer.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/",
              "refsource": "MISC",
              "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"
            },
            {
              "name": "https://github.com/cobbler/cobbler/issues/1916",
              "refsource": "CONFIRM",
              "url": "https://github.com/cobbler/cobbler/issues/1916"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000226",
    "datePublished": "2018-08-20T20:00:00",
    "dateReserved": "2018-08-02T00:00:00",
    "dateUpdated": "2024-08-05T12:40:46.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-9159 (GCVE-0-2018-9159)

Vulnerability from cvelistv5

Published

2018-03-31 21:00

Modified

2024-08-05 07:17

Severity ?

CWE

Summary

In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.

References

▼	URL	Tags
	https://github.com/perwendel/spark/issues/981	x_refsource_MISC
	https://github.com/perwendel/spark/commit/a221a864db28eb736d36041df2fa6eb8839fc5cd	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:2020	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2405	vendor-advisory, x_refsource_REDHAT
	https://github.com/perwendel/spark/commit/ce9e11517eca69e58ed4378d1e47a02bd06863cc	x_refsource_MISC
	http://sparkjava.com/news#spark-272-released	x_refsource_MISC
	https://github.com/perwendel/spark/commit/030e9d00125cbd1ad759668f85488aba1019c668	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:17:51.328Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/perwendel/spark/issues/981"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/perwendel/spark/commit/a221a864db28eb736d36041df2fa6eb8839fc5cd"
          },
          {
            "name": "RHSA-2018:2020",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2020"
          },
          {
            "name": "RHSA-2018:2405",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2405"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/perwendel/spark/commit/ce9e11517eca69e58ed4378d1e47a02bd06863cc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sparkjava.com/news#spark-272-released"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/perwendel/spark/commit/030e9d00125cbd1ad759668f85488aba1019c668"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-03-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-15T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/perwendel/spark/issues/981"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/perwendel/spark/commit/a221a864db28eb736d36041df2fa6eb8839fc5cd"
        },
        {
          "name": "RHSA-2018:2020",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2020"
        },
        {
          "name": "RHSA-2018:2405",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2405"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/perwendel/spark/commit/ce9e11517eca69e58ed4378d1e47a02bd06863cc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sparkjava.com/news#spark-272-released"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/perwendel/spark/commit/030e9d00125cbd1ad759668f85488aba1019c668"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-9159",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/perwendel/spark/issues/981",
              "refsource": "MISC",
              "url": "https://github.com/perwendel/spark/issues/981"
            },
            {
              "name": "https://github.com/perwendel/spark/commit/a221a864db28eb736d36041df2fa6eb8839fc5cd",
              "refsource": "MISC",
              "url": "https://github.com/perwendel/spark/commit/a221a864db28eb736d36041df2fa6eb8839fc5cd"
            },
            {
              "name": "RHSA-2018:2020",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2020"
            },
            {
              "name": "RHSA-2018:2405",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2405"
            },
            {
              "name": "https://github.com/perwendel/spark/commit/ce9e11517eca69e58ed4378d1e47a02bd06863cc",
              "refsource": "MISC",
              "url": "https://github.com/perwendel/spark/commit/ce9e11517eca69e58ed4378d1e47a02bd06863cc"
            },
            {
              "name": "http://sparkjava.com/news#spark-272-released",
              "refsource": "MISC",
              "url": "http://sparkjava.com/news#spark-272-released"
            },
            {
              "name": "https://github.com/perwendel/spark/commit/030e9d00125cbd1ad759668f85488aba1019c668",
              "refsource": "MISC",
              "url": "https://github.com/perwendel/spark/commit/030e9d00125cbd1ad759668f85488aba1019c668"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-9159",
    "datePublished": "2018-03-31T21:00:00",
    "dateReserved": "2018-03-31T00:00:00",
    "dateUpdated": "2024-08-05T07:17:51.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-ru-2018:2639-1

Vulnerability from csaf_suse

CVE-2018-1000225 (GCVE-0-2018-1000225)

Vulnerability from cvelistv5

CVE-2018-1000226 (GCVE-0-2018-1000226)

Vulnerability from cvelistv5

CVE-2018-9159 (GCVE-0-2018-9159)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature