CVE-2014-3225

Cobbler < 2.6.4 - Path Traversal

Title source: rule

Description

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.

Exploits (1)

exploitdb WRITEUP
by Dolev Farhi · textwebappsphp
https://www.exploit-db.com/exploits/33252

References (9)

Scores

EPSS 0.0611
EPSS Percentile 90.8%

Details

CWE
CWE-22
Status published
Products (7)
cobblerd/cobbler 2.4.0 (2 CPE variants)
cobblerd/cobbler 2.4.1
cobblerd/cobbler 2.4.2
cobblerd/cobbler 2.4.3
cobblerd/cobbler 2.4.4
cobblerd/cobbler 2.6.0
pypi/cobbler 2.6.0 - 2.6.4PyPI
Published May 14, 2014
Tracked Since Feb 18, 2026