{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2018-08-02T00:00:00", "datePublic": "2018-08-02T00:00:00", "descriptions": [{"lang": "en", "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-01T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/cobbler/cobbler/issues/1916"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-08-02T16:41:53.516803", "DATE_REQUESTED": "2018-08-02T16:12:25", "ID": "CVE-2018-1000226", "REQUESTER": "cvereports@movermeyer.com", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/", "refsource": "MISC", "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"}, {"name": "https://github.com/cobbler/cobbler/issues/1916", "refsource": "CONFIRM", "url": "https://github.com/cobbler/cobbler/issues/1916"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:40:46.918Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/cobbler/cobbler/issues/1916"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000226", "datePublished": "2018-08-20T20:00:00", "dateReserved": "2018-08-02T00:00:00", "dateUpdated": "2024-08-05T12:40:46.918Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cobblerd:cobbler:*:*:*:*:*:*:*:*", "matchCriteriaId": "8841C1D9-95CB-49E2-9D2B-E4CF90D80E3F", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931."}, {"lang": "es", "value": "Cobbler en su versi\u00f3n Verified, tal y como est\u00e1 presente en Cobbler en versiones 2.6.11+, aunque la inspecci\u00f3n del c\u00f3digo sugiere que al menos las versiones 2.0.0+ o incluso anteriores podr\u00edan ser vulnerables, contiene una vulnerabilidad de control de acceso incorrecto en la API XMLRPC de Cobbler (/cobbler_api) que puede resultar en un escalado de privilegios, manipulaci\u00f3n o exfiltraci\u00f3n de datos o la captura de credenciales LDAP. Este ataque parece ser explotable mediante conectividad de red. Se puede aprovechar la validaci\u00f3n incorrecta de tokens de seguridad en los endpoints de la API. N\u00f3tese que esta vulnerabilidad es diferente de CVE-2018-10931."}], "id": "CVE-2018-1000226", "lastModified": "2024-11-21T03:39:58.633", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-20T20:29:01.847", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://github.com/cobbler/cobbler/issues/1916"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://github.com/cobbler/cobbler/issues/1916"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "cobbler: XMLRPC API endpoints are not correctly validating security tokens", "id": "1612103", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1612103"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-306", "details": ["Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.", "It was found that the cobbler API did not validate the client's token for all methods. An unauthenticated attacker could use this flaw to call sensitive methods without having to authenticate first."], "name": "CVE-2018-1000226", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "cobbler", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Will not fix", "impact": "moderate", "package_name": "cobbler", "product_name": "Red Hat Satellite 5"}], "public_date": "2018-08-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-1000226\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000226"], "statement": "The most sensitive function not requiring a valid token is modify_settings(), which is not part of cobbler-2.0.7, the versions shipped Red Hat Enterprise Satellite 5. As such, the flaw is considered with a Medium severity rating on cobbler versions as shipped in Red Hat Enterprise Satellite 5. A future update may address this issue.", "threat_severity": "Important"}