CVE-2018-1000226
Published: 2018-08-20
Priority: P270 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 12.48% (95.7th percentile)
Cobbler (verified as present in versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable) contains an Incorrect Access Control vulnerability in the XMLRPC API (/cobbler_api) that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting. The attack appears to be exploitable via "network connectivity", taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cobbler_project | cobbler | >= 0 < 3.0.0 | 3.0.0 |
| cobbler_project | cobbler | >= 0 < 2.4.1-0ubuntu2+esm1 | 2.4.1-0ubuntu2+esm1 |
| cobblerd | cobbler | >= 2.0.0 | — |
Detection & IOCs
- Detect unauthenticated POST requests to /cobbler_api containing the mangled method name '_CobblerXMLRPCInterface__make_token' — this is the name-mangled Python private method being called directly to forge a token without credentials.
- Alert on POST requests to /cobbler_api with Content-Type: text/xml that do NOT return a faultCode element in the response body — a successful auth bypass will return a valid token (base64-like string matching `[a-zA-Z0-9].+==`) with HTTP 200.
- Monitor calls to the modify_settings() XMLRPC method on /cobbler_api without a valid preceding authentication token — this is identified as the most sensitive unauthenticated-accessible function.
- Inspect XMLRPC API traffic to /cobbler_api for any method calls where the supplied security token is not validated — the vulnerability affects many endpoints, not just token generation.
- Vulnerability is confirmed in Cobbler 2.6.11+ but code inspection suggests 2.0.0+ or older may also be affected — detection should not be scoped only to 2.6.11+.
- This is a distinct vulnerability from CVE-2018-10931 — detection rules must not conflate the two; both affect /cobbler_api but via different weaknesses.
- Red Hat Enterprise Satellite 5 ships cobbler-2.0.7 which lacks modify_settings(); the severity is considered Medium for that specific package version, so detection priority should be adjusted accordingly.
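The first three detections above, run over captured request/response pairs, as an added example (not code from the advisory or from the Cobbler project). The event fields (`src`, `verb`, `path`, `req_body`, `resp_body`), the sample events, and the use of a fault-free `login` call per source address as the marker of a credentialed session are assumptions.

```python
import re

# Regex extraction: never feed attacker-controlled XML to a full parser here.
METHOD_RE = re.compile(r"<methodName>\s*([^<\s]+)\s*</methodName>")
TOKEN_RE = re.compile(r"[a-zA-Z0-9].+==")  # token pattern quoted on this page
MANGLED = "_CobblerXMLRPCInterface__make_token"

def classify(event, logged_in):
    """Return finding labels for one HTTP event; update per-source login state."""
    if event["verb"] != "POST" or event["path"] != "/cobbler_api":
        return []
    match = METHOD_RE.search(event["req_body"])
    rpc = match.group(1) if match else ""
    no_fault = "faultCode" not in event["resp_body"]
    findings = []
    if rpc == "login" and no_fault:
        logged_in.add(event["src"])  # assumed credentialed token issuance
    if rpc.startswith("_"):  # Python-private names are not public API surface
        findings.append("private-method-call")
        if rpc == MANGLED and no_fault and TOKEN_RE.search(event["resp_body"]):
            findings.append("token-returned-without-login")
    if rpc == "modify_settings" and event["src"] not in logged_in:
        findings.append("modify_settings-without-login")
    return findings

def scan(events):
    """Walk events in time order and collect (source, finding) pairs."""
    logged_in, hits = set(), []
    for ev in events:
        hits += [(ev["src"], f) for f in classify(ev, logged_in)]
    return hits

def _ev(src, rpc, resp):
    body = f"<methodCall><methodName>{rpc}</methodName></methodCall>"
    return {"src": src, "verb": "POST", "path": "/cobbler_api",
            "req_body": body, "resp_body": resp}

# Constructed sample traffic; addresses and token value are placeholders.
OK_TOKEN = "<methodResponse><string>Q09OU1RSVUNURUQ==</string></methodResponse>"
FAULT = "<methodResponse><fault><name>faultCode</name></fault></methodResponse>"
SAMPLE = [
    _ev("10.0.0.5", "login", OK_TOKEN),
    _ev("10.0.0.5", "modify_settings", "<methodResponse/>"),
    _ev("192.0.2.77", MANGLED, OK_TOKEN),
    _ev("192.0.2.77", "modify_settings", "<methodResponse/>"),
    _ev("192.0.2.88", MANGLED, FAULT),
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Keying login state on source address is coarse; behind a proxy or NAT, key on the session or forwarded client identity instead.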
CVSS provenance
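| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| ghsa | — | 9.8 | CRITICAL | — |
| osv | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 4.0 | MEDIUM | — |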
OSV
cobbler vulnerabilities
osv·2023-11-13·CVSS 4.0
CVE-2014-3225 [MEDIUM] cobbler vulnerabilities
It was discovered that Cobbler did not properly handle user input, which
could result in an absolute path traversal. An attacker could possibly
use this issue to read arbitrary files. (CVE-2014-3225)
It was discovered that Cobbler did not properly handle user input, which
could result in command injection. An attacker could possibly use this
issue to execute arbitrary code with high privileges.
(CVE-2017-1000469, CVE-2021-45082)
It was discovered that Cobbler did not properly hide private functions in
a class. A remote attacker could possibly use this issue to gain high
privileges and upload files to an arbitrary location.
(CVE-2018-10931, CVE-2018-1000225, CVE-2018-1000226)
Nicolas Chatelain discovered that Cobbler did not properly handle user
input, which coul
GHSA
Cobbler Improper Validation of Security Tokens
ghsa·2022-05-13·CVSS 9.8
CVE-2018-1000226 [CRITICAL] CWE-732 Cobbler Improper Validation of Security Tokens
OSV
Cobbler Improper Validation of Security Tokens
osv·2022-05-13·CVSS 9.8
CVE-2018-1000226 [CRITICAL] Cobbler Improper Validation of Security Tokens
OSV
CVE-2018-1000226: Cobbler version Verified as present in Cobbler versions 2
osv·2018-08-20·CVSS 9.8
CVE-2018-1000226 [CRITICAL] CVE-2018-1000226: Cobbler version Verified as present in Cobbler versions 2
Ubuntu
Cobbler vulnerabilities
vendor_ubuntu·2023-11-13·CVSS 4.0
CVE-2021-40323 [MEDIUM] Cobbler vulnerabilities
Title: Cobbler vulnerabilities
Summary: Several security issues were fixed in Cobbler.
Red Hat
cobbler: XMLRPC API endpoints are not correctly validating security tokens
vendor_redhat·2018-08-02·CVSS 9.8
CVE-2018-1000226 [CRITICAL] CWE-306 cobbler: XMLRPC API endpoints are not correctly validating security tokens
It was found that the cobbler API did not validate the client's token for all methods. An unauthenticated attacker could use this flaw to call sensitive methods without having to
No detection rules found.
Nuclei
Cobbler - Authentication Bypass
nuclei·CVSS 9.8
CVE-2018-1000226 [CRITICAL] Cobbler - Authentication Bypass
Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ and possibly even older versions, may be vulnerable to an authentication bypass vulnerability in the XMLRPC API (/cobbler_api) that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting. The attack appears to be exploitable via "network connectivity", taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.
Template:
```yaml
id: CVE-2018-1000226
info:
  name: Cobbler - Authentication Bypass
  author: c-sh0
  severity: critical
  description: Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ and possibly even older versions, may be vulnerable to an authenticat
```