CVE-2018-10931

Summary

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.

Affected Software

VendorProductVersion RangeStatus
The Cobbler Projectcobbler2.6.xaffected

Weaknesses

  • CWE-749: CWE-749

ADP Enrichment

CVE Program Container

Additional References

References