Security Advisory

CVE-2018-10931

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-08-09 20:00:00
Last updated 2024-08-05 07:54:35
Assigner redhat
State PUBLISHED

Description

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.