Skip to content

Cobbler Path Traversal vulnerability

Moderate severity GitHub Reviewed Published May 14, 2022 to the GitHub Advisory Database • Updated Apr 10, 2024

Package

pip cobbler (pip)

Affected versions

>= 2.6.0, < 2.6.4
>= 2.4.0, < 2.4.7

Patched versions

2.6.4
2.4.7

Description

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.

References

Published by the National Vulnerability Database May 14, 2014
Published to the GitHub Advisory Database May 14, 2022
Reviewed Apr 8, 2024
Last updated Apr 10, 2024

Severity

Moderate

EPSS score

2.972%
(91st percentile)

Weaknesses

CVE ID

CVE-2014-3225

GHSA ID

GHSA-xc7w-jvhx-p6q9

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.