From fe1eef64e6bd1d8d71961760bdf2b1ee8ec1744b Mon Sep 17 00:00:00 2001
From: Kurt Seifried
Date: Mon, 20 Aug 2018 11:05:50 -0600
Subject: [PATCH] update to CVE-2018-1000226
---
2018/1000xxx/CVE-2018-1000226.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/2018/1000xxx/CVE-2018-1000226.json b/2018/1000xxx/CVE-2018-1000226.json
index 858268584e4..373920abed9 100644
--- a/2018/1000xxx/CVE-2018-1000226.json
+++ b/2018/1000xxx/CVE-2018-1000226.json
@@ -1 +1 @@ -{ "CVE_data_meta": { "ASSIGNER": "kurt@seifried.org", "DATE_ASSIGNED": "2018-08-02T16:41:53.516803", "DATE_REQUESTED": "2018-08-02T16:12:25", "ID": "CVE-2018-1000226", "REQUESTER": "cvereports@movermeyer.com" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cobbler", "version": { "version_data": [ { "version_value": "Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable" } ] } } ] }, "vendor_name": "Cobbler" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler-api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Incorrect Access Control" } ] } ] }, "references": { "reference_data": [ { "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/" }, { "url": "https://github.com/cobbler/cobbler/issues/1916" } ] } } \ No newline at end of file +{ "CVE_data_meta": { "ASSIGNER": "kurt@seifried.org", "DATE_ASSIGNED": "2018-08-02T16:41:53.516803", "DATE_REQUESTED": "2018-08-02T16:12:25", "ID": "CVE-2018-1000226", "REQUESTER": "cvereports@movermeyer.com" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cobbler", "version": { "version_data": [ { "version_value": "Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable" } ] } } ] }, "vendor_name": "Cobbler" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler-api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Incorrect Access Control" } ] } ] }, "references": { "reference_data": [ { "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/" }, { "url": "https://github.com/cobbler/cobbler/issues/1916" } ] } } \ No newline at end of file
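Review bot: The `description_data` value on the new side still reads "Cobbler version Verified as present in Cobbler versions 2.6.11+ ...", because the prose stored in `version_value` is pasted into the sentence template, and the added CVE-2018-10931 sentence is appended without fixing that. A `version_value` that is a full sentence cannot be compared against an installed Cobbler version, so tooling that matches on `affects` may miss or over-report this record; consider a plain value such as `"version_value": "2.6.11 and later"` and keep the "code inspection suggests 2.0.0+" caveat in the description only. The new sentence separates this record from CVE-2018-10931 but does not say how the two issues differ, and that detail is not visible in this patch; a short clause naming the distinguishing behaviour would help anyone triaging both identifiers.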