cobbler project cobbler

21 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2022-0860 | affected: < 3.3.2 | 9.1 CRITICAL
  Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.

CVE-2021-45083 | affected: < 3.3.1 | 7.1 HIGH
  An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensiti

CVE-2021-45081 | affected: <= 3.3.1 | 5.9 MEDIUM
  An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS

CVE-2021-45082 | affected: < 3.3.1 | 7.8 HIGH
  An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah

CVE-2021-40325 | affected: <= 3.3.0 | 7.5 HIGH
  Cobbler before 3.3.0 allows authorization bypass for modification of settings.

CVE-2021-40324 | affected: <= 3.3.0 | 7.5 HIGH
  Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.

CVE-2021-40323 | affected: <= 3.3.0 | 9.8 CRITICAL
  Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for

CVE-2011-4954 | affected: all versions | 7.8 HIGH
  cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE

CVE-2011-4952 | affected: all versions | 8.8 HIGH
  cobbler: Web interface lacks CSRF protection when using Django framework

CVE-2016-9605 | affected: all versions | 6.1 MEDIUM
  A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, le

CVE-2018-1000226 | affected: >= 2.0.0 | 9.8 CRITICAL
  Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even old

CVE-2018-1000225 | affected: all versions | 6.1 MEDIUM
  Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even old

CVE-2018-10931 | affected: >= 2.6.0 and <= 2.6.11 | 9.8 CRITICAL
  It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated

CVE-2017-1000469 | affected: <= 2.8.2 | 9.8 CRITICAL
  Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary

CVE-2011-4953 | affected: <= 2.2.1
  The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code v

CVE-2014-3225 | affected: all versions
  Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to rea

CVE-2012-2395 | affected: all versions
  Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via s

CVE-2010-4512 | affected: <= 2.0.3.1-2
  Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world wri

CVE-2010-2235 | affected: <= 2.0.4
  template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the abil

CVE-2009-5021 | affected: <= 1.4.3-4
  Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attac

CVE-2008-6954 | affected: <= 1.2.8
  The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobbl