Vulnerability-Lookup

CVE-2018-10931 (GCVE-0-2018-10931)

Vulnerability from cvelistv5 – Published: 2018-08-09 20:00 – Updated: 2024-08-05 07:54

Summary

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.

Severity

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-749

Assigner

redhat

References

4 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2372	vendor-advisoryx_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA

Impacted products

1 product

Vendor	Product	Version
The Cobbler Project	cobbler	Affected: 2.6.x

Date Public

2018-08-09 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:54:35.798Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931"
          },
          {
            "name": "RHSA-2018:2372",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2372"
          },
          {
            "name": "FEDORA-2019-3cacfb34ad",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMWK5KCCZXOGOYNR2H6BWDSABTQ5NYJA/"
          },
          {
            "name": "FEDORA-2019-cd24f60a94",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5Q4ACIVZ5D4KSUDLGRTOKGGB4U42SD/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cobbler",
          "vendor": "The Cobbler Project",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.x"
            }
          ]
        }
      ],
      "datePublic": "2018-08-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-11T22:06:10.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931"
        },
        {
          "name": "RHSA-2018:2372",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2372"
        },
        {
          "name": "FEDORA-2019-3cacfb34ad",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMWK5KCCZXOGOYNR2H6BWDSABTQ5NYJA/"
        },
        {
          "name": "FEDORA-2019-cd24f60a94",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5Q4ACIVZ5D4KSUDLGRTOKGGB4U42SD/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-10931",
    "datePublished": "2018-08-09T20:00:00.000Z",
    "dateReserved": "2018-05-09T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:54:35.798Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-10931",
      "date": "2026-06-13",
      "epss": "0.31538",
      "percentile": "0.96917"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-10931\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-08-09T20:29:00.347\",\"lastModified\":\"2024-11-21T03:42:20.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto que cobbler 2.6.x expon\u00eda todas las funciones desde su clase CobblerXMLRPCInterface mediante XMLRPC. Un atacante no autenticado remoto podr\u00eda emplear este error para obtener privilegios elevados en cobbler o subir archivos a ubicaciones arbitrarias en el contexto del demonio.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-749\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-749\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cobbler_project:cobbler:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.0\",\"versionEndIncluding\":\"2.6.11\",\"matchCriteriaId\":\"C18902E1-B7B9-4A35-9B78-F2579D924541\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4840254-CC76-4113-BC61-360BD15582B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85EA16E0-9261-45C4-840F-5366E9EAC5E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4F86C3C-B99C-44C6-97D7-163DC3F59687\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2372\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5Q4ACIVZ5D4KSUDLGRTOKGGB4U42SD/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMWK5KCCZXOGOYNR2H6BWDSABTQ5NYJA/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2372\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5Q4ACIVZ5D4KSUDLGRTOKGGB4U42SD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMWK5KCCZXOGOYNR2H6BWDSABTQ5NYJA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

SUSE-SU-2018:2561-1

Vulnerability from csaf_suse - Published: 2018-08-30 14:10 - Updated: 2018-08-30 14:10

Summary

Security update for cobbler

Severity

Important

Notes

Title of the patch: Security update for cobbler

Description of the patch: This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API (CVE-2018-10931, CVE-2018-1000225, bsc#1104287, bsc#1104189, bsc#1105442) - Check access token when calling 'modify_setting' API endpoint (bsc#1104190, bsc#1105440, CVE-2018-1000226) Other bugs fixed: - Do not try to hardlink to a symlink. The result will be a dangling symlink in the general case. (bsc#1097733) - fix kernel options when generating bootiso (bsc#1101670)

Patchnames: HPE-Helion-OpenStack-8-2018-1795,SUSE-OpenStack-Cloud-8-2018-1795,SUSE-SLE-Manager-Tools-12-2018-1795,SUSE-SUSE-Manager-Server-3.0-2018-1795

CVE-2018-1000225

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: HPE Helion OpenStack 8:cobbler-2.6.6-49.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Client Tools 12:koan-2.6.6-49.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server 3.0:cobbler-2.6.6-49.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:cobbler-2.6.6-49.14.1.noarch	—	Vendor Fix

Threats

Impact critical

CVE-2018-1000226

9.1 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: HPE Helion OpenStack 8:cobbler-2.6.6-49.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Client Tools 12:koan-2.6.6-49.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server 3.0:cobbler-2.6.6-49.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:cobbler-2.6.6-49.14.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2018-10931

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: HPE Helion OpenStack 8:cobbler-2.6.6-49.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Client Tools 12:koan-2.6.6-49.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server 3.0:cobbler-2.6.6-49.14.1.noarch	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 8:cobbler-2.6.6-49.14.1.noarch	—	Vendor Fix

Threats

Impact critical

References

31 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1097733	self
https://bugzilla.suse.com/1101670	self
https://bugzilla.suse.com/1104189	self
https://bugzilla.suse.com/1104190	self
https://bugzilla.suse.com/1104287	self
https://bugzilla.suse.com/1105440	self
https://bugzilla.suse.com/1105442	self
https://www.suse.com/security/cve/CVE-2018-1000225/	self
https://www.suse.com/security/cve/CVE-2018-1000226/	self
https://www.suse.com/security/cve/CVE-2018-10931/	self
https://www.suse.com/security/cve/CVE-2018-1000225	external
https://bugzilla.suse.com/1104190	external
https://bugzilla.suse.com/1104287	external
https://bugzilla.suse.com/1105442	external
https://www.suse.com/security/cve/CVE-2018-1000226	external
https://bugzilla.suse.com/1104190	external
https://bugzilla.suse.com/1104287	external
https://bugzilla.suse.com/1105440	external
https://bugzilla.suse.com/1105442	external
https://bugzilla.suse.com/1131852	external
https://www.suse.com/security/cve/CVE-2018-10931	external
https://bugzilla.suse.com/1104189	external
https://bugzilla.suse.com/1104190	external
https://bugzilla.suse.com/1104287	external
https://bugzilla.suse.com/1105440	external
https://bugzilla.suse.com/1105442	external
https://bugzilla.suse.com/1130105	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for cobbler",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for cobbler fixes the following issues:\n\nSecurity issues fixed:\n\n- Forbid exposure of private methods in the API (CVE-2018-10931,\n  CVE-2018-1000225, bsc#1104287, bsc#1104189, bsc#1105442)\n- Check access token when calling \u0027modify_setting\u0027 API endpoint (bsc#1104190,\n  bsc#1105440, CVE-2018-1000226)\n\nOther bugs fixed:\n\n- Do not try to hardlink to a symlink. The result will be a dangling symlink\n  in the general case. (bsc#1097733)\n- fix kernel options when generating bootiso (bsc#1101670)\n  ",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "HPE-Helion-OpenStack-8-2018-1795,SUSE-OpenStack-Cloud-8-2018-1795,SUSE-SLE-Manager-Tools-12-2018-1795,SUSE-SUSE-Manager-Server-3.0-2018-1795",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2561-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:2561-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182561-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:2561-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-August/004514.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1097733",
        "url": "https://bugzilla.suse.com/1097733"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101670",
        "url": "https://bugzilla.suse.com/1101670"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1104189",
        "url": "https://bugzilla.suse.com/1104189"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1104190",
        "url": "https://bugzilla.suse.com/1104190"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1104287",
        "url": "https://bugzilla.suse.com/1104287"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1105440",
        "url": "https://bugzilla.suse.com/1105440"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1105442",
        "url": "https://bugzilla.suse.com/1105442"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1000225 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1000225/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1000226 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1000226/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10931 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10931/"
      }
    ],
    "title": "Security update for cobbler",
    "tracking": {
      "current_release_date": "2018-08-30T14:10:22Z",
      "generator": {
        "date": "2018-08-30T14:10:22Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:2561-1",
      "initial_release_date": "2018-08-30T14:10:22Z",
      "revision_history": [
        {
          "date": "2018-08-30T14:10:22Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cobbler-2.6.6-49.14.1.noarch",
                "product": {
                  "name": "cobbler-2.6.6-49.14.1.noarch",
                  "product_id": "cobbler-2.6.6-49.14.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "koan-2.6.6-49.14.1.noarch",
                "product": {
                  "name": "koan-2.6.6-49.14.1.noarch",
                  "product_id": "koan-2.6.6-49.14.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "HPE Helion OpenStack 8",
                "product": {
                  "name": "HPE Helion OpenStack 8",
                  "product_id": "HPE Helion OpenStack 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:hpe-helion-openstack:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 8",
                "product": {
                  "name": "SUSE OpenStack Cloud 8",
                  "product_id": "SUSE OpenStack Cloud 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Client Tools 12",
                "product": {
                  "name": "SUSE Manager Client Tools 12",
                  "product_id": "SUSE Manager Client Tools 12"
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Server 3.0",
                "product": {
                  "name": "SUSE Manager Server 3.0",
                  "product_id": "SUSE Manager Server 3.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-server:3.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cobbler-2.6.6-49.14.1.noarch as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:cobbler-2.6.6-49.14.1.noarch"
        },
        "product_reference": "cobbler-2.6.6-49.14.1.noarch",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cobbler-2.6.6-49.14.1.noarch as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:cobbler-2.6.6-49.14.1.noarch"
        },
        "product_reference": "cobbler-2.6.6-49.14.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "koan-2.6.6-49.14.1.noarch as component of SUSE Manager Client Tools 12",
          "product_id": "SUSE Manager Client Tools 12:koan-2.6.6-49.14.1.noarch"
        },
        "product_reference": "koan-2.6.6-49.14.1.noarch",
        "relates_to_product_reference": "SUSE Manager Client Tools 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cobbler-2.6.6-49.14.1.noarch as component of SUSE Manager Server 3.0",
          "product_id": "SUSE Manager Server 3.0:cobbler-2.6.6-49.14.1.noarch"
        },
        "product_reference": "cobbler-2.6.6-49.14.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 3.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-1000225",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1000225"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via \"network connectivity\". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:cobbler-2.6.6-49.14.1.noarch",
          "SUSE Manager Client Tools 12:koan-2.6.6-49.14.1.noarch",
          "SUSE Manager Server 3.0:cobbler-2.6.6-49.14.1.noarch",
          "SUSE OpenStack Cloud 8:cobbler-2.6.6-49.14.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1000225",
          "url": "https://www.suse.com/security/cve/CVE-2018-1000225"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104190 for CVE-2018-1000225",
          "url": "https://bugzilla.suse.com/1104190"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104287 for CVE-2018-1000225",
          "url": "https://bugzilla.suse.com/1104287"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105442 for CVE-2018-1000225",
          "url": "https://bugzilla.suse.com/1105442"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:cobbler-2.6.6-49.14.1.noarch",
            "SUSE Manager Client Tools 12:koan-2.6.6-49.14.1.noarch",
            "SUSE Manager Server 3.0:cobbler-2.6.6-49.14.1.noarch",
            "SUSE OpenStack Cloud 8:cobbler-2.6.6-49.14.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "HPE Helion OpenStack 8:cobbler-2.6.6-49.14.1.noarch",
            "SUSE Manager Client Tools 12:koan-2.6.6-49.14.1.noarch",
            "SUSE Manager Server 3.0:cobbler-2.6.6-49.14.1.noarch",
            "SUSE OpenStack Cloud 8:cobbler-2.6.6-49.14.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-30T14:10:22Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2018-1000225"
    },
    {
      "cve": "CVE-2018-1000226",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1000226"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:cobbler-2.6.6-49.14.1.noarch",
          "SUSE Manager Client Tools 12:koan-2.6.6-49.14.1.noarch",
          "SUSE Manager Server 3.0:cobbler-2.6.6-49.14.1.noarch",
          "SUSE OpenStack Cloud 8:cobbler-2.6.6-49.14.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1000226",
          "url": "https://www.suse.com/security/cve/CVE-2018-1000226"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104190 for CVE-2018-1000226",
          "url": "https://bugzilla.suse.com/1104190"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104287 for CVE-2018-1000226",
          "url": "https://bugzilla.suse.com/1104287"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105440 for CVE-2018-1000226",
          "url": "https://bugzilla.suse.com/1105440"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105442 for CVE-2018-1000226",
          "url": "https://bugzilla.suse.com/1105442"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1131852 for CVE-2018-1000226",
          "url": "https://bugzilla.suse.com/1131852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:cobbler-2.6.6-49.14.1.noarch",
            "SUSE Manager Client Tools 12:koan-2.6.6-49.14.1.noarch",
            "SUSE Manager Server 3.0:cobbler-2.6.6-49.14.1.noarch",
            "SUSE OpenStack Cloud 8:cobbler-2.6.6-49.14.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "HPE Helion OpenStack 8:cobbler-2.6.6-49.14.1.noarch",
            "SUSE Manager Client Tools 12:koan-2.6.6-49.14.1.noarch",
            "SUSE Manager Server 3.0:cobbler-2.6.6-49.14.1.noarch",
            "SUSE OpenStack Cloud 8:cobbler-2.6.6-49.14.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-30T14:10:22Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-1000226"
    },
    {
      "cve": "CVE-2018-10931",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10931"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:cobbler-2.6.6-49.14.1.noarch",
          "SUSE Manager Client Tools 12:koan-2.6.6-49.14.1.noarch",
          "SUSE Manager Server 3.0:cobbler-2.6.6-49.14.1.noarch",
          "SUSE OpenStack Cloud 8:cobbler-2.6.6-49.14.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10931",
          "url": "https://www.suse.com/security/cve/CVE-2018-10931"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104189 for CVE-2018-10931",
          "url": "https://bugzilla.suse.com/1104189"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104190 for CVE-2018-10931",
          "url": "https://bugzilla.suse.com/1104190"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104287 for CVE-2018-10931",
          "url": "https://bugzilla.suse.com/1104287"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105440 for CVE-2018-10931",
          "url": "https://bugzilla.suse.com/1105440"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105442 for CVE-2018-10931",
          "url": "https://bugzilla.suse.com/1105442"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130105 for CVE-2018-10931",
          "url": "https://bugzilla.suse.com/1130105"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:cobbler-2.6.6-49.14.1.noarch",
            "SUSE Manager Client Tools 12:koan-2.6.6-49.14.1.noarch",
            "SUSE Manager Server 3.0:cobbler-2.6.6-49.14.1.noarch",
            "SUSE OpenStack Cloud 8:cobbler-2.6.6-49.14.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "HPE Helion OpenStack 8:cobbler-2.6.6-49.14.1.noarch",
            "SUSE Manager Client Tools 12:koan-2.6.6-49.14.1.noarch",
            "SUSE Manager Server 3.0:cobbler-2.6.6-49.14.1.noarch",
            "SUSE OpenStack Cloud 8:cobbler-2.6.6-49.14.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-30T14:10:22Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2018-10931"
    }
  ]
}

SUSE-SU-2018:2608-1

Vulnerability from csaf_suse - Published: 2018-09-04 13:49 - Updated: 2018-09-04 13:49

Summary

Security update for cobbler

Severity

Important

Notes

Title of the patch: Security update for cobbler

Description of the patch: This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API (CVE-2018-10931, CVE-2018-1000225, bsc#1104287, bsc#1104189, bsc#1105442) - Check access token when calling 'modify_setting' API endpoint (bsc#1104190, bsc#1105440, CVE-2018-1000226) Other bugs fixed: - Fix kernel options when generating bootiso (bsc#1101670)

Patchnames: SUSE-SUSE-Manager-Server-3.1-2018-1832

CVE-2018-1000225

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Manager Server 3.1:cobbler-2.6.6-5.17.1.noarch		—	Vendor Fix

Threats

Impact critical

CVE-2018-1000226

9.1 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Manager Server 3.1:cobbler-2.6.6-5.17.1.noarch		—	Vendor Fix

Threats

Impact important

CVE-2018-10931

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Manager Server 3.1:cobbler-2.6.6-5.17.1.noarch		—	Vendor Fix

Threats

Impact critical

References

30 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1101670	self
https://bugzilla.suse.com/1104189	self
https://bugzilla.suse.com/1104190	self
https://bugzilla.suse.com/1104287	self
https://bugzilla.suse.com/1105440	self
https://bugzilla.suse.com/1105442	self
https://www.suse.com/security/cve/CVE-2018-1000225/	self
https://www.suse.com/security/cve/CVE-2018-1000226/	self
https://www.suse.com/security/cve/CVE-2018-10931/	self
https://www.suse.com/security/cve/CVE-2018-1000225	external
https://bugzilla.suse.com/1104190	external
https://bugzilla.suse.com/1104287	external
https://bugzilla.suse.com/1105442	external
https://www.suse.com/security/cve/CVE-2018-1000226	external
https://bugzilla.suse.com/1104190	external
https://bugzilla.suse.com/1104287	external
https://bugzilla.suse.com/1105440	external
https://bugzilla.suse.com/1105442	external
https://bugzilla.suse.com/1131852	external
https://www.suse.com/security/cve/CVE-2018-10931	external
https://bugzilla.suse.com/1104189	external
https://bugzilla.suse.com/1104190	external
https://bugzilla.suse.com/1104287	external
https://bugzilla.suse.com/1105440	external
https://bugzilla.suse.com/1105442	external
https://bugzilla.suse.com/1130105	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for cobbler",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for cobbler fixes the following issues:\n\nSecurity issues fixed:\n\n- Forbid exposure of private methods in the API (CVE-2018-10931,\n  CVE-2018-1000225, bsc#1104287, bsc#1104189, bsc#1105442)\n- Check access token when calling \u0027modify_setting\u0027 API endpoint\n  (bsc#1104190, bsc#1105440, CVE-2018-1000226)\n\nOther bugs fixed:\n\n- Fix kernel options when generating bootiso (bsc#1101670)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SUSE-Manager-Server-3.1-2018-1832",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2608-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:2608-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182608-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:2608-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-September/004531.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101670",
        "url": "https://bugzilla.suse.com/1101670"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1104189",
        "url": "https://bugzilla.suse.com/1104189"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1104190",
        "url": "https://bugzilla.suse.com/1104190"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1104287",
        "url": "https://bugzilla.suse.com/1104287"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1105440",
        "url": "https://bugzilla.suse.com/1105440"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1105442",
        "url": "https://bugzilla.suse.com/1105442"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1000225 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1000225/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1000226 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1000226/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10931 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10931/"
      }
    ],
    "title": "Security update for cobbler",
    "tracking": {
      "current_release_date": "2018-09-04T13:49:25Z",
      "generator": {
        "date": "2018-09-04T13:49:25Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:2608-1",
      "initial_release_date": "2018-09-04T13:49:25Z",
      "revision_history": [
        {
          "date": "2018-09-04T13:49:25Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cobbler-2.6.6-5.17.1.noarch",
                "product": {
                  "name": "cobbler-2.6.6-5.17.1.noarch",
                  "product_id": "cobbler-2.6.6-5.17.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Manager Server 3.1",
                "product": {
                  "name": "SUSE Manager Server 3.1",
                  "product_id": "SUSE Manager Server 3.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-server:3.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cobbler-2.6.6-5.17.1.noarch as component of SUSE Manager Server 3.1",
          "product_id": "SUSE Manager Server 3.1:cobbler-2.6.6-5.17.1.noarch"
        },
        "product_reference": "cobbler-2.6.6-5.17.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 3.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-1000225",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1000225"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via \"network connectivity\". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Server 3.1:cobbler-2.6.6-5.17.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1000225",
          "url": "https://www.suse.com/security/cve/CVE-2018-1000225"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104190 for CVE-2018-1000225",
          "url": "https://bugzilla.suse.com/1104190"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104287 for CVE-2018-1000225",
          "url": "https://bugzilla.suse.com/1104287"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105442 for CVE-2018-1000225",
          "url": "https://bugzilla.suse.com/1105442"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Server 3.1:cobbler-2.6.6-5.17.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Manager Server 3.1:cobbler-2.6.6-5.17.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-09-04T13:49:25Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2018-1000225"
    },
    {
      "cve": "CVE-2018-1000226",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1000226"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Server 3.1:cobbler-2.6.6-5.17.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1000226",
          "url": "https://www.suse.com/security/cve/CVE-2018-1000226"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104190 for CVE-2018-1000226",
          "url": "https://bugzilla.suse.com/1104190"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104287 for CVE-2018-1000226",
          "url": "https://bugzilla.suse.com/1104287"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105440 for CVE-2018-1000226",
          "url": "https://bugzilla.suse.com/1105440"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105442 for CVE-2018-1000226",
          "url": "https://bugzilla.suse.com/1105442"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1131852 for CVE-2018-1000226",
          "url": "https://bugzilla.suse.com/1131852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Server 3.1:cobbler-2.6.6-5.17.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Manager Server 3.1:cobbler-2.6.6-5.17.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-09-04T13:49:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-1000226"
    },
    {
      "cve": "CVE-2018-10931",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10931"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Server 3.1:cobbler-2.6.6-5.17.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10931",
          "url": "https://www.suse.com/security/cve/CVE-2018-10931"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104189 for CVE-2018-10931",
          "url": "https://bugzilla.suse.com/1104189"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104190 for CVE-2018-10931",
          "url": "https://bugzilla.suse.com/1104190"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104287 for CVE-2018-10931",
          "url": "https://bugzilla.suse.com/1104287"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105440 for CVE-2018-10931",
          "url": "https://bugzilla.suse.com/1105440"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105442 for CVE-2018-10931",
          "url": "https://bugzilla.suse.com/1105442"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130105 for CVE-2018-10931",
          "url": "https://bugzilla.suse.com/1130105"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Server 3.1:cobbler-2.6.6-5.17.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Manager Server 3.1:cobbler-2.6.6-5.17.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-09-04T13:49:25Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2018-10931"
    }
  ]
}

WID-SEC-W-2023-2929

Vulnerability from csaf_certbund - Published: 2018-08-09 22:00 - Updated: 2023-11-14 23:00

Summary

cobbler: Schwachstelle ermöglicht Manipulation von Dateien

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Cobbler ist ein Linux Installationsserver, welcher die schnelle Einrichtung von Netzwerk-Installationsumgebungen ermöglicht.

Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in cobbler ausnutzen, um Dateien zu manipulieren.

Betroffene Betriebssysteme: - Linux

CVE-2018-10931

Es existiert eine Schwachstelle in cobbler. Die Schwachstelle beruht darauf, dass cobbler alle Funktionen der CobblerXMLRPCInterface Klasse über XMLRPC verfügbar macht. Ein Angreifer kann dieses nutzen und innerhalb von cobbler seine Privilegien erhöhen und in der Folge im Kontext des Daemons beliebige Dateien hochladen.

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat Satellite 5.7 Red Hat / Satellite	`cpe:/a:redhat:satellite:5.7`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source cobbler 2.6.x Open Source	`cpe:/a:cobbler:cobbler:2.6`	—
Red Hat Satellite 5.6 Red Hat / Satellite	`cpe:/a:redhat:satellite:5.6`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Red Hat Satellite 5.8 Red Hat / Satellite	`cpe:/a:redhat:satellite:5.8`	—

References

8 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://ubuntu.com/security/notices/USN-6475-1	external
http://rhn.redhat.com/errata/RHSA-2018-2372.html	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Cobbler ist ein Linux Installationsserver, welcher die schnelle Einrichtung von Netzwerk-Installationsumgebungen erm\u00f6glicht.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in cobbler ausnutzen, um Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2929 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2018/wid-sec-w-2023-2929.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2929 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2929"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6475-1 vom 2023-11-15",
        "url": "https://ubuntu.com/security/notices/USN-6475-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2018:2372 vom 2018-08-09",
        "url": "http://rhn.redhat.com/errata/RHSA-2018-2372.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:2551-1 vom 2018-08-30",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182551-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:2550-1 vom 2018-08-30",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182550-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:2561-1 vom 2018-08-31",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182561-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:2608-1 vom 2018-09-05",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182608-1.html"
      }
    ],
    "source_lang": "en-US",
    "title": "cobbler: Schwachstelle erm\u00f6glicht Manipulation von Dateien",
    "tracking": {
      "current_release_date": "2023-11-14T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:01:41.944+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2929",
      "initial_release_date": "2018-08-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2018-08-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2018-08-09T22:00:00.000+00:00",
          "number": "2",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2018-08-09T22:00:00.000+00:00",
          "number": "3",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2018-08-09T22:00:00.000+00:00",
          "number": "4",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2018-08-29T22:00:00.000+00:00",
          "number": "5",
          "summary": "New remediations available"
        },
        {
          "date": "2018-08-30T22:00:00.000+00:00",
          "number": "6",
          "summary": "New remediations available"
        },
        {
          "date": "2018-09-04T22:00:00.000+00:00",
          "number": "7",
          "summary": "New remediations available"
        },
        {
          "date": "2018-11-25T23:00:00.000+00:00",
          "number": "8",
          "summary": "Added references"
        },
        {
          "date": "2018-11-26T23:00:00.000+00:00",
          "number": "9",
          "summary": "Added references"
        },
        {
          "date": "2019-09-03T22:00:00.000+00:00",
          "number": "10",
          "summary": "Referenz(en) aufgenommen: FEDORA-2019-C2D7F79309, FEDORA-2019-3CACFB34AD, FEDORA-2019-CD24F60A94"
        },
        {
          "date": "2023-11-14T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        }
      ],
      "status": "final",
      "version": "11"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source cobbler 2.6.x",
            "product": {
              "name": "Open Source cobbler 2.6.x",
              "product_id": "T003114",
              "product_identification_helper": {
                "cpe": "cpe:/a:cobbler:cobbler:2.6"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Satellite 5.7",
                "product": {
                  "name": "Red Hat Satellite 5.7",
                  "product_id": "T007324",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:satellite:5.7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Satellite 5.6",
                "product": {
                  "name": "Red Hat Satellite 5.6",
                  "product_id": "T009935",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:satellite:5.6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Satellite 5.8",
                "product": {
                  "name": "Red Hat Satellite 5.8",
                  "product_id": "T010122",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:satellite:5.8"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Satellite"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-10931",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in cobbler. Die Schwachstelle beruht darauf, dass cobbler alle Funktionen der CobblerXMLRPCInterface Klasse \u00fcber XMLRPC verf\u00fcgbar macht. Ein Angreifer kann dieses nutzen und innerhalb von cobbler seine Privilegien erh\u00f6hen und in der Folge im Kontext des Daemons beliebige Dateien hochladen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T007324",
          "T002207",
          "T003114",
          "T009935",
          "T000126",
          "T010122"
        ]
      },
      "release_date": "2018-08-09T22:00:00.000+00:00",
      "title": "CVE-2018-10931"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-10931 (GCVE-0-2018-10931)

SUSE-SU-2018:2561-1

SUSE-SU-2018:2608-1

WID-SEC-W-2023-2929

Tags

Sightings

Nomenclature