UBUNTU-CVE-2018-1000226

Source
https://ubuntu.com/security/CVE-2018-1000226
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-1000226.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2018-1000226
Related
Published
2018-08-20T20:29:00Z
Modified
2018-08-20T20:29:00Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via "network connectivity". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.

References

Affected packages

Ubuntu:Pro:16.04:LTS / cobbler

Package

Name
cobbler
Purl
pkg:deb/ubuntu/cobbler?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.1-0ubuntu2+esm1

Affected versions

2.*

2.4.1-0ubuntu2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.4.1-0ubuntu2+esm1",
            "binary_name": "cobbler"
        },
        {
            "binary_version": "2.4.1-0ubuntu2+esm1",
            "binary_name": "cobbler-common"
        },
        {
            "binary_version": "2.4.1-0ubuntu2+esm1",
            "binary_name": "cobbler-web"
        },
        {
            "binary_version": "2.4.1-0ubuntu2+esm1",
            "binary_name": "koan"
        },
        {
            "binary_version": "2.4.1-0ubuntu2+esm1",
            "binary_name": "python-cobbler"
        },
        {
            "binary_version": "2.4.1-0ubuntu2+esm1",
            "binary_name": "python-koan"
        }
    ]
}