CVE-2014-3225 | SynScan

Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2014-3225

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.

Published: May 14, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-3225
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
cobblerd / cobbler	2.4.2	2.4.2.x
cobblerd / cobbler	2.4.3	2.4.3.x
cobblerd / cobbler	2.4.0	2.4.0.x
cobblerd / cobbler	2.4.0-1	2.4.0-1.x
cobblerd / cobbler	2.4.4	2.4.4.x
cobblerd / cobbler	2.4.1	2.4.1.x
cobblerd / cobbler	2.6.0	2.6.0.x