Oval Definition: oval:org.opensuse.security:def:20181000226
Revision Date: 2022-06-30
Version: 1
Title: CVE-2018-1000226
Description:

Cobbler (verified as present in versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable) contains an Incorrect Access Control vulnerability in the XMLRPC API (/cobbler_api) that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting. This attack appears to be exploitable via network connectivity, taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.
Family: unix
Class: vulnerability
Status:
Reference(s): CVE-2018-1000226
SUSE-SU-2018:2551-1
SUSE-SU-2018:2561-1
SUSE-SU-2018:2608-1
openSUSE-SU-2018:2590-1
Mitre CVE-2018-1000226
SUSE CVE-2018-1000226
openSUSE-SU-2021:0046-1
openSUSE-SU-2021:0058-1
Platform(s): openSUSE Leap 15.2
openSUSE Leap 42.3
openSUSE Tumbleweed
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE Package Hub for SUSE Linux Enterprise 15 SP2
Product(s):
Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND cobbler-2.6.6-49.14.1 is installed
Definition Synopsis
  • openSUSE Leap 42.3 is installed
  • AND Package Information
  • cobbler-2.6.6-17 is installed
  • AND cobbler is signed with openSUSE key
  • OR
  • cobbler-tests-2.6.6-17 is installed
  • AND cobbler-tests is signed with openSUSE key
  • OR
  • cobbler-web-2.6.6-17 is installed
  • AND cobbler-web is signed with openSUSE key
  • OR
  • koan-2.6.6-17 is installed
  • AND koan is signed with openSUSE key
Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • cobbler-3.1.2-lp152.6.3.1 is installed
  • AND cobbler is signed with openSUSE key
  • OR
  • cobbler-tests-3.1.2-lp152.6.3.1 is installed
  • AND cobbler-tests is signed with openSUSE key
  • OR
  • cobbler-web-3.1.2-lp152.6.3.1 is installed
  • AND cobbler-web is signed with openSUSE key
Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • cobbler-3.2.1.336+git.5639a3af-1.1 is installed
  • OR cobbler-tests-3.2.1.336+git.5639a3af-1.1 is installed
Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP2 is installed
  • AND Package Information
  • cobbler-3.1.2-bp152.4.3.1 is installed
  • OR cobbler-tests-3.1.2-bp152.4.3.1 is installed
  • OR cobbler-web-3.1.2-bp152.4.3.1 is installed
Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND cobbler is affected