CVE-2011-4952
published 2019-11-19
CVE-2011-4952: cobbler: Web interface lacks CSRF protection when using Django framework
Priority P337 · high · 8.8 CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 0.63% (45.6th percentile)
cobbler: Web interface lacks CSRF protection when using Django framework
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cobbler | cobbler | — | — |
| cobbler_project | cobbler | >= 0 < 2.6.0 | 2.6.0 |
CVSS provenance
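| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 8.8 | HIGH | — |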
OSV
Cobbler Web Interface Lacks CSRF Protection
osv·2022-04-22
CVE-2011-4952 [HIGH] Cobbler Web Interface Lacks CSRF Protection
cobbler: Web interface lacks CSRF protection when using Django framework
GHSA
Cobbler Web Interface Lacks CSRF Protection
ghsa·2022-04-22
CVE-2011-4952 [HIGH] CWE-352 Cobbler Web Interface Lacks CSRF Protection
cobbler: Web interface lacks CSRF protection when using Django framework
Red Hat
(cobbler-web): Absent CSRF protection when using Django framework
vendor_redhat·2011-09-28·CVSS 8.8
CVE-2011-4952 [HIGH] CWE-352 (cobbler-web): Absent CSRF protection when using Django framework
cobbler: Web interface lacks CSRF protection when using Django framework
Statement: This issue did not affect the version of cobbler as shipped with Red Hat Network Satellite Server 5.4 as Red Hat Network Satellite Server did not include support for Cobbler web interface.
No detection rules found.
No public exploits indexed.
http://www.openwall.com/lists/oss-security/2012/04/12/10
https://access.redhat.com/security/cve/cve-2011-4952
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4952
https://security-tracker.debian.org/tracker/CVE-2011-4952
2019-11-19
Published