Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-10931

Опубликовано: 09 авг. 2018
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Средний

Описание

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:cobbler_project:cobbler:*:*:*:*:*:*:*:*
Версия от 2.6.0 (включая) до 2.6.11 (включая)
Конфигурация 2

Одно из

cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*

EPSS

Процентиль: 99%
0.67782
Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-749
CWE-749

Связанные уязвимости

ubuntu логотип

CVE-2018-10931

CVSS3: 9.8
ubuntu
больше 7 лет назад

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.

redhat логотип

CVE-2018-10931

CVSS3: 9.8
redhat
больше 7 лет назад

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.

debian логотип

CVE-2018-10931

CVSS3: 9.8
debian
больше 7 лет назад

It was found that cobbler 2.6.x exposed all functions from its Cobbler ...

suse-cvrf логотип

SUSE-SU-2018:2550-1

suse-cvrf
больше 7 лет назад

Security update for cobbler

github логотип

GHSA-8787-63px-3m23

CVSS3: 9.8
github
больше 3 лет назад

Cobbler has Exposed Dangerous Method or Function

EPSS

Процентиль: 99%
0.67782
Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-749
CWE-749