CVE-2016-9605 — Cross-site Scripting in Project Cobbler

CWE-79 — Cross-site Scripting6 documents6 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 46.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cobbler Project Cobbler THE Cobbler Project Cobbler

Timeline

PublishedAug 22

Latest updateMay 13

Description

A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶PyPIcobbler_project/cobbler2.6.11-1

▶NVDcobbler_project/cobbler2.6.11-1

▶CVEListV5the_cobbler_project/cobbler2.6.11-1

🔴Vulnerability Details

OSV

Cobbler Arbitrary File Read↗2022-05-13

▶

GHSA

Cobbler Arbitrary File Read↗2022-05-13

▶

CVEList

CVE-2016-9605: A flaw was found in cobbler software component version 2↗2018-08-22

▶

📋Vendor Advisories

Red Hat

cobbler: Cross site scripting in profile page↗

▶

💬Community

Bugzilla

CVE-2016-9605 cobbler: Cross site scripting in profile page↗2017-03-20

▶