cobbler@3.3.2 vulnerabilities

Network Boot and Update Server

Direct Vulnerabilities

Known vulnerabilities in the cobbler package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
Improper Authentication

cobbler is a network install server.

Affected versions of this package are vulnerable to Improper Authentication due to the utils.get_shared_secret function. An attacker can gain full control of the server by connecting to the cobbler XML-RPC server using a hardcoded user and password.

How to fix Improper Authentication?

Upgrade cobbler to version 3.2.3, 3.3.7 or higher.

[3.1.2,3.2.3) [3.3.0,3.3.7)
  • M
Improper Input Validation

cobbler is a network install server.

Affected versions of this package are vulnerable to Improper Input Validation by navigating to a vulnerable URL via cobbler-web on a default installation.

How to fix Improper Input Validation?

There is no fixed version for cobbler.

[0,)