CVE-2018-1000225 - OpenCVE

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via "network connectivity". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api).

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cobblerd	Cobbler

Configuration 1 [-]

cpe:2.3:a:cobblerd:cobbler:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/cobbler/cobbler/issues/1917	Third Party Advisory
https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-08-20T20:00:00

Updated: 2018-10-01T12:57:01

Reserved: 2018-08-02T00:00:00

Link: CVE-2018-1000225

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-08-20T20:29:01.720

Modified: 2018-10-19T17:33:40.530

Link: CVE-2018-1000225

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2018-08-02T00:00:00", "datePublic": "2018-08-02T00:00:00", "descriptions": [{"lang": "en", "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via \"network connectivity\". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-01T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/cobbler/cobbler/issues/1917"}, {"tags": ["x_refsource_MISC"], "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-08-02T16:41:53.515834", "DATE_REQUESTED": "2018-08-02T16:09:44", "ID": "CVE-2018-1000225", "REQUESTER": "cvereports@movermeyer.com", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via \"network connectivity\". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/cobbler/cobbler/issues/1917", "refsource": "CONFIRM", "url": "https://github.com/cobbler/cobbler/issues/1917"}, {"name": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/", "refsource": "MISC", "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000225", "datePublished": "2018-08-20T20:00:00", "dateReserved": "2018-08-02T00:00:00", "dateUpdated": "2018-10-01T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cobblerd:cobbler:*:*:*:*:*:*:*:*", "matchCriteriaId": "2089F664-4268-4FDC-8D46-BE2B18BAB6BC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via \"network connectivity\". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api)."}, {"lang": "es", "value": "Cobbler en su versi\u00f3n Verified, tal y como est\u00e1 presente en Cobbler en versiones 2.6.11+, aunque la inspecci\u00f3n del c\u00f3digo sugiere que al menos las versiones 2.0.0+ o incluso anteriores podr\u00edan ser vulnerables, contiene una vulnerabilidad Cross-Site Scripting (XSS) en cobbler-web que puede resultar en un escalado de privilegios a admin. Este ataque parece ser explotable mediante conectividad de red. El env\u00edo de cargas \u00fatiles JavaScript no autenticadas a la API XMLRPC de Cobbler (/cobbler_api)."}], "id": "CVE-2018-1000225", "lastModified": "2018-10-19T17:33:40.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-20T20:29:01.720", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/cobbler/cobbler/issues/1917"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}