Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-3225: Path Traversal in Project Cobbler

CWE-22 (Path Traversal) | 12 documents | 8 sources

Severity: 4.0 MEDIUM (NVD)
EPSS: 6.1% (top 9.19%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published May 14 | Latest update Nov 13

Description

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 8.0 | Impact: 2.9

Affected Packages (3 packages)

PyPI | cobbler_project/cobbler | 2.6.0, 2.6.4, +1
Ubuntu | cobbler_project/cobbler | < 2.4.1-0ubuntu2+esm1
NVD | cobblerd/cobbler | 6 versions, +5

🔴 Vulnerability Details (5)

OSV: cobbler vulnerabilities (2023-11-13)
GHSA: Cobbler Path Traversal vulnerability (2022-05-14)
OSV: Cobbler Path Traversal vulnerability (2022-05-14)
CVEList: CVE-2014-3225: Absolute path traversal vulnerability in the web interface in Cobbler 2 (2014-05-14)
OSV: CVE-2014-3225: Absolute path traversal vulnerability in the web interface in Cobbler 2 (2014-05-14)

💥 Exploits & PoCs (1)

Exploit-DB: Cobbler 2.4.x < 2.6.x - Local File Inclusion (2014-05-08)

📋 Vendor Advisories (2)

Ubuntu: Cobbler vulnerabilities (2023-11-13)
Red Hat: cobbler: local file inclusion over remote installs (2014-05-08)

💬 Community (3)

Bugzilla: CVE-2014-3225 cobbler: local file inclusion over remote installs (2014-05-08)
Bugzilla: CVE-2014-3225 cobbler: local file inclusion over remote installs [fedora-all] (2014-05-08)
Bugzilla: CVE-2014-3225 cobbler: local file inclusion over remote installs [epel-all] (2014-05-08)