admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated example url in description

Browse Source
This commit is contained in:
Kurt Seifried 2018-09-30 09:38:00 -06:00
parent be1136b958
commit e34ab0aa58
No known key found for this signature in database
GPG Key ID: F15CADC4A00F8174
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2018/1000xxx/CVE-2018-1000225.json
View File

@ -37,7 +37,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via \"network connectivity\". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler-api)."
"value" : "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via \"network connectivity\". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api)."
}
]
},

2
2018/1000xxx/CVE-2018-1000226.json
View File

@ -37,7 +37,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler-api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931."
"value" : "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931."
}
]
},