CVE-2014-3225

Published: May 14, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20140508 Re: CVE Request - Local File inclusion in Cobbler

mailing-list

x_refsource_MLIST

https://github.com/cobbler/cobbler/issues/939

x_refsource_MISC

106759

vdb-entry

x_refsource_OSVDB

67277

vdb-entry

x_refsource_BID

[oss-security] 20140508 CVE Request - Local File inclusion in Cobbler

mailing-list

x_refsource_MLIST

https://www.youtube.com/watch?v=vuBaoQUFEYQ&feature=youtu.be

x_refsource_MISC

http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html

x_refsource_MISC

20140513 FD - Cobbler Arbitrary File Read CVE-2014-3225

mailing-list

x_refsource_BUGTRAQ

33252

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-3225

Description

Affected Products

References