admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

update to CVE-2018-1000226

Browse Source
This commit is contained in:
Kurt Seifried 2018-08-20 11:05:50 -06:00
parent 56b09a1ae3
commit fe1eef64e6
No known key found for this signature in database
GPG Key ID: F15CADC4A00F8174
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2018/1000xxx/CVE-2018-1000226.json
View File

@ -1 +1 @@
{ "CVE_data_meta": { "ASSIGNER": "kurt@seifried.org", "DATE_ASSIGNED": "2018-08-02T16:41:53.516803", "DATE_REQUESTED": "2018-08-02T16:12:25", "ID": "CVE-2018-1000226", "REQUESTER": "cvereports@movermeyer.com" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cobbler", "version": { "version_data": [ { "version_value": "Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable" } ] } } ] }, "vendor_name": "Cobbler" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler-api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Incorrect Access Control" } ] } ] }, "references": { "reference_data": [ { "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/" }, { "url": "https://github.com/cobbler/cobbler/issues/1916" } ] } }
{ "CVE_data_meta": { "ASSIGNER": "kurt@seifried.org", "DATE_ASSIGNED": "2018-08-02T16:41:53.516803", "DATE_REQUESTED": "2018-08-02T16:12:25", "ID": "CVE-2018-1000226", "REQUESTER": "cvereports@movermeyer.com" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cobbler", "version": { "version_data": [ { "version_value": "Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable" } ] } } ] }, "vendor_name": "Cobbler" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler-api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Incorrect Access Control" } ] } ] }, "references": { "reference_data": [ { "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/" }, { "url": "https://github.com/cobbler/cobbler/issues/1916" } ] } }