Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1000225

Опубликовано: 02 авг. 2018
Источник: redhat
CVSS3: 9.6
EPSS Низкий

Описание

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via "network connectivity". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api).

Отчет

This issue did not affect the versions of cobbler as shipped with Red Hat Satellite 5 as it does not ship cobbler-web.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 8cobblerWill not fix
Red Hat Satellite 5cobblerNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1612105cobbler: Persistent XSS vulnerability in cobbler-web

EPSS

Процентиль: 50%
0.00268
Низкий

9.6 Critical

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-1000225

CVSS3: 6.1
ubuntu
больше 7 лет назад

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via "network connectivity". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api).

nvd логотип

CVE-2018-1000225

CVSS3: 6.1
nvd
больше 7 лет назад

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via "network connectivity". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api).

debian логотип

CVE-2018-1000225

CVSS3: 6.1
debian
больше 7 лет назад

Cobbler version Verified as present in Cobbler versions 2.6.11+, but c ...

github логотип

GHSA-q9g5-98pm-w6q7

CVSS3: 6.1
github
больше 3 лет назад

Cobbler XSS Vulnerability

suse-cvrf логотип

openSUSE-SU-2018:2590-1

suse-cvrf
больше 7 лет назад

Security update for cobbler

EPSS

Процентиль: 50%
0.00268
Низкий

9.6 Critical

CVSS3