Main Vulnerability Database Vulnerabilities #VU41683

#VU41683 Path traversal in Cobbler - CVE-2014-3225

Published: May 14, 2014 / Updated: August 11, 2020

Vulnerability identifier: #VU41683

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2014-3225

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Cobbler

Software vendor:
Cobbler project

Description

The vulnerability allows a remote #AU# to gain access to sensitive information.

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.

Remediation

Install update from vendor's website.

External links

http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html
http://seclists.org/oss-sec/2014/q2/273
http://seclists.org/oss-sec/2014/q2/274
http://www.exploit-db.com/exploits/33252
http://www.osvdb.org/106759
http://www.securityfocus.com/archive/1/532094/100/0/threaded
http://www.securityfocus.com/bid/67277
https://github.com/cobbler/cobbler/issues/939
https://www.youtube.com/watch?v=vuBaoQUFEYQ&feature=youtu.be

#VU41683 Path traversal in Cobbler - CVE-2014-3225

Description

Remediation

External links

Please verify you're human