CVE-2014-3225

2014-05-1400:55:11

CWE-22

[email protected]

web.nvd.nist.gov

cve-2014-3225

cobbler

web interface

path traversal

vulnerability

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

8.7 High

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

91.0%

JSON

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.

Affected configurations

NVD

Node

cobblerdcobblerMatch2.4.0-

cobblerdcobblerMatch2.4.01

cobblerdcobblerMatch2.4.1

cobblerdcobblerMatch2.4.2

cobblerdcobblerMatch2.4.3

cobblerdcobblerMatch2.4.4

cobblerdcobblerMatch2.6.0

CPENameOperatorVersion
cobblerd:cobblercobblerd cobblereq2.4.0
cobblerd:cobblercobblerd cobblereq2.4.1
cobblerd:cobblercobblerd cobblereq2.4.2
cobblerd:cobblercobblerd cobblereq2.4.3
cobblerd:cobblercobblerd cobblereq2.4.4
cobblerd:cobblercobblerd cobblereq2.6.0

CPE	Name	Operator	Version
cobblerd:cobbler	cobblerd cobbler	eq	2.4.0
cobblerd:cobbler	cobblerd cobbler	eq	2.4.1
cobblerd:cobbler	cobblerd cobbler	eq	2.4.2
cobblerd:cobbler	cobblerd cobbler	eq	2.4.3
cobblerd:cobbler	cobblerd cobbler	eq	2.4.4
cobblerd:cobbler	cobblerd cobbler	eq	2.6.0