CVE-2014-3225
published 2014-05-14

CVE-2014-3225: Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the…

Priority: P432, medium, 4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
EXPLOIT
EPSS: 8.81% (94.5th percentile)
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.

Affected

9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cobbler_project | cobbler | >= 0 < 2.4.1-0ubuntu2+esm1 | 2.4.1-0ubuntu2+esm1 |
| cobbler_project | cobbler | >= 2.4.0 < 2.4.7 | 2.4.7 |
| cobbler_project | cobbler | >= 2.6.0 < 2.6.4 | 2.6.4 |
| cobblerd | cobbler | | |
| cobblerd | cobbler | | |
| cobblerd | cobbler | | |
| cobblerd | cobbler | | |
| cobblerd | cobbler | | |
| cobblerd | cobbler | | |

CVSS provenance

nvd: v2.0, 4.0 MEDIUM, AV:N/AC:L/Au:S/C:P/I:N/A:N
osv: 4.0 MEDIUM
vendor_redhat: 4.0 MEDIUM
vendor_ubuntu: 4.0 MEDIUM