cobbler (SUSE:Linux Enterprise Server 11 SP3-CLIENT-TOOLS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 11 SP3-CLIENT-TOOLS package cobbler, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2017-1000469 — CVSS 9.8 (critical): Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code…
CVE-2018-10931 — CVSS 9.8 (critical): It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker…
CVE-2020-25592 — CVSS 9.8 (critical): In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke…
CVE-2021-45083 — CVSS 7.1 (high): An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive…