Cobbler

Latest version: v3.3.7

Vulnerabilities (26)

CVE/PVE	Vulnerability ID	Advisory	Affected versions	Severity	Severity Score
CVE-2024-47533	74187	Affected versions of Cobbler are vulnerable to Improper Authenticatio…	>=3.0.0,<3.2.3 >=3.3.0,<3.3.7	-	-
CVE-2022-0860	45820	Cobbler 3.3.2 includes a fix for CVE-2022-0860: Improper Authorizatio…	<3.3.2	CRITICAL	9.1
PVE-2022-45320	45320	Cobbler 3.3.1 removes testing module, which was shipping a well known…	<3.3.1	HIDDEN	X.Y
PVE-2022-45319	45319	Cobbler 3.3.1 validates the data before logging it to avoid log file …	<3.3.1	HIDDEN	X.Y
CVE-2021-45082	45286	An issue was discovered in Cobbler before 3.3.1. In the templar.py fi…	<3.3.1	HIGH	7.8
PVE-2022-45318	45318	Cobbler 3.3.1 stabalizes the MongoDB serializer. In mongodb serialize…	<3.3.1	HIDDEN	X.Y
CVE-2021-45083	45317	Cobbler 3.3.1 includes a fix for CVE-2021-45083: Files in /etc/cobble…	<3.3.1	HIGH	7.1
CVE-2021-45081	62201	An issue was discovered in Cobbler through 3.3.1. Routines in several…	<=3.3.1	MEDIUM	5.9
PVE-2022-45316	45316	Cobbler 3.3.0 removes get-loaders code. It is not safe to download bo…	<3.3.0	HIDDEN	X.Y
CVE-2021-40325	45315	Cobbler before 3.3.0 allows authorization bypass for modification of …	<3.3.0	HIGH	7.5
CVE-2021-40324	45314	Cobbler 3.3.0 and 3.2.2 include a fix for CVE-2021-40324: Cobbler bef…	<3.2.2	HIGH	7.5
CVE-2021-40323	45276	Cobbler 3.3.0 and 3.2.2 include a fix for CVE-2021-40323: Cobbler bef…	<3.2.2	CRITICAL	9.8
CVE-2018-1000225	67945	Cobbler version Verified as present in Cobbler versions 2.6.11+, but …	<3.0.0	MEDIUM	6.1
CVE-2018-1000226	65837	Cobbler version Verified as present in Cobbler versions 2.6.11+, but …	<3.0.0	CRITICAL	9.8
CVE-2017-1000469	66896	Cobbler version up to 2.8.2 is vulnerable to a command injection vuln…	<=2.8.2	CRITICAL	9.8
CVE-2016-9605	65817	A flaw was found in cobbler software component version 2.6.11-1. It s…	==2.6.11-1	MEDIUM	6.1
CVE-2018-10931	53996	It was found that cobbler 2.6.x exposed all functions from its Cobble…	>=2.6.0,<3.0.0	CRITICAL	9.8
CVE-2011-4954	37739	Cobbler 2.6.0 includes a fix for CVE-2011-4954: Cobbler has local pri…	<2.6.0	HIGH	7.8
CVE-2014-3225	60960	Absolute path traversal vulnerability in the web interface in Cobbler…	>=2.4.0,<=2.6.0	MEDIUM	4.0
CVE-2011-4953	62098	The set_mgmt_parameters function in item.py in cobbler before 2.2.2 a…	<=2.2.1	MEDIUM	6.8
CVE-2011-4952	62096	Cobbler v2.1.0 resolves missing CSRF protection in web interface usin…	<2.1.0	HIGH	8.8
CVE-2010-2235	35339	Cobbler 2.0.7 includes a fix for CVE-2010-2235: Template_api.py in Co…	<2.0.7	HIGH	8.5
CVE-2010-4512	61742	Cobbler before 2.0.4 uses an incorrect umask value, which allows loca…	<2.0.4	HIGH	7.2
CVE-2009-5021	61243	Cobbler before 1.6.1 does not properly determine whether an installat…	<1.6.1	HIGH	7.5
CVE-2008-6954	61200	The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote …	<1.2.9	HIGH	9.0
CVE-2012-2395	54074	A Command Injection in action_power.py in Cobbler prior to v2.6.0 all…	>=0,<2.6.0	HIGH	7.5