The Cobbler Project Cobbler vulnerabilities
2 known vulnerabilities affecting the_cobbler_project/cobbler.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 1
Vulnerabilities
CVE-2016-9605 | MEDIUM | CVSS 6.1 | v2.6.11-1 | 2018-08-22 | CWE-79
A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation.
Sources: cvelistv5, nvd
CVE-2018-10931 | CRITICAL | CVSS 9.8 | v2.6.x | 2018-08-09 | CWE-749
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler and upload files to an arbitrary location in the context of the daemon.
Sources: cvelistv5, nvd