Filtered by vendor Cobbler Project
Total: 3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-40325 | 1 Cobbler Project | 1 Cobbler | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH | Cobbler before 3.3.0 allows authorization bypass for modification of settings. |
| CVE-2021-45083 | 1 Cobbler Project | 1 Cobbler | 2022-02-28 | 3.6 LOW | 7.1 HIGH | An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password. |
| CVE-2021-40324 | 1 Cobbler Project | 1 Cobbler | 2021-10-12 | 5.0 MEDIUM | 7.5 HIGH | Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. |
