
Cobbler restrict Kickstart Directory (Security Issue) #939

Closed
@dolevf


Hi,

As discussed on the mailing lists, it makes sense to restrict access to the kickstart directory in cobbler, so local file inclusions other than kickstart files are prohibited.

By specifying the 'Kickstart' value as /etc/passwd or any other crucial system file, local files are exposed by the cobbler web_ui, which is a security vulnerability.

This issue has been opened here after discussion with Jorgen Maas.

Thanks,

Dolev Farhi, F5 Networks Inc
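
The restriction requested in this issue, sketched as an added example (not Cobbler's code and not part of the original report): a user-supplied 'Kickstart' value is resolved and accepted only if the final target is a regular file inside one allowed directory. The function names and the temporary directory layout are hypothetical; the allowed root is a constructed stand-in, not Cobbler's real path.

```python
import os
import tempfile


def resolve_kickstart(value, allowed_root):
    """Return the real path for `value` if it is a file inside allowed_root."""
    root = os.path.realpath(allowed_root)
    # join() lets an absolute value replace root; realpath() then collapses
    # ".." segments and follows symlinks, so the check sees the final target.
    candidate = os.path.realpath(os.path.join(root, value))
    # commonpath() compares whole components, so a sibling directory such as
    # "<root>_old" does not pass the way a plain startswith() test would.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("kickstart path is outside the allowed directory")
    if not os.path.isfile(candidate):
        raise ValueError("kickstart path is not a regular file")
    return candidate


def is_allowed(value, allowed_root):
    try:
        resolve_kickstart(value, allowed_root)
        return True
    except ValueError:
        return False


def demo():
    """Build a constructed directory tree and check sample 'Kickstart' values."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "kickstarts")      # stand-in, not Cobbler's path
        sibling = os.path.join(tmp, "kickstarts_old")
        os.makedirs(root)
        os.makedirs(sibling)
        outside = os.path.join(sibling, "old.ks")
        for path in (os.path.join(root, "sample.ks"), outside):
            with open(path, "w") as fh:
                fh.write("# constructed sample file\n")
        os.symlink(outside, os.path.join(root, "link.ks"))
        cases = {
            "relative": "sample.ks",
            "absolute_inside": os.path.join(root, "sample.ks"),
            "system_file": "/etc/passwd",
            "dotdot": "../kickstarts_old/old.ks",
            "sibling_prefix": outside,
            "symlink_out": "link.ks",
            "directory": ".",
        }
        return {name: is_allowed(v, root) for name, v in cases.items()}
```

Calling `demo()` returns a mapping from each constructed case to whether the value was accepted; only the two values that resolve to a file inside the allowed directory pass.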


Labels: Priority, Security
