cobbler@3.1.2 vulnerabilities

cobbler is a network install server.

Affected versions of this package are vulnerable to Improper Authentication due to the utils.get_shared_secret function. An attacker can gain full control of the server by connecting to the cobbler XML-RPC server using a hardcoded user and password.

Upgrade cobbler to version 3.2.3, 3.3.7 or higher.

cobbler is a network install server.

Affected versions of this package are vulnerable to Improper Input Validation by navigating to a vulnerable URL via cobbler-web on a default installation.

There is no fixed version for cobbler.

cobbler is a network install server.

Affected versions of this package are vulnerable to Improper Authorization when it is configured to authenticate via PAM, account validity is missing. Therefore expired accounts can still login.

Upgrade cobbler to version 3.2.3, 3.3.1 or higher.

cobbler is a network install server.

Affected versions of this package are vulnerable to Improper Input Validation due to improper sanitization of the run_triggers function in the modules/installation/pre_log.py module, which allows some user controller inputs to be appended in the /var/log/cobbler/install.log log file, exploiting this vulnerability might cause log file pollution.

Upgrade cobbler to version 3.3.1 or higher.

cobbler is a network install server.

Affected versions of this package are vulnerable to Information Exposure. The files in /etc/cobbler are world-readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation and has user read-write permissions. The settings.yaml file contains secrets such as the hashed default password and has user read-write permissions.

Upgrade cobbler to version 3.2.3, 3.3.1 or higher.

cobbler is a network install server.

Affected versions of this package are vulnerable to Insecure Defaults as a lot of cobbler server entry points are served on HTTP protocol rather than HTTPS protocol.

Upgrade cobbler to version 3.2.3, 3.3.1 or higher.

cobbler is a network install server.

Affected versions of this package are vulnerable to Arbitrary Code Execution via lacking template sanitization of imported modules in the check_for_invalid_imports function (templar.py file), which allows Cheetah code to import Python modules using the "#from MODULE import" syntax.

Upgrade cobbler to version 3.2.3, 3.3.1 or higher.

cobbler is a network install server.

Affected versions of this package are vulnerable to Arbitrary File Write via the upload_log_data XMLRPC function, due to missing sanitization.

Note: Exploitable only if the anamon_enabled setting is enabled.

Upgrade cobbler to version 3.2.2 or higher.

cobbler is a network install server.

Affected versions of this package are vulnerable to Arbitrary Code Execution the generate_script RPC method could be used to get arbitrary files on the system.

As many cobbler endpoints call the _log method, an attacker could call an endpoint of choice, insert malicious code into the log file via a crafted input, and use the generate_script method to evaluate the associated log file as a template, thereby achieving arbitrary code execution.

Upgrade cobbler to version 3.2.2 or higher.

cobbler is a network install server.

Affected versions of this package are vulnerable to Improper Authorization via an unknown attack vector, allowing settings modification.

Upgrade cobbler to version 3.2.2 or higher.