CVE-2014-3225 – cobbler
Package
Manager: pip
Name: cobbler
Vulnerable Version: >=2.6.0 <2.6.4 || >=2.4.0 <2.4.7
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.06296 (percentile: 0.90568)
Details
Cobbler Path Traversal vulnerability
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
Metadata
Created: 2022-05-14T02:52:42Z
Modified: 2024-04-08T18:58:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xc7w-jvhx-p6q9/GHSA-xc7w-jvhx-p6q9.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-xc7w-jvhx-p6q9
Finding: F063
Auto approve: 1