Browse all 4 CVE security advisories affecting cobbler. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Cobbler primarily serves as Linux installation server automation, streamlining OS deployments across networks. Historically, it has been susceptible to remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often stemming from improper input validation and insecure default configurations. Privilege escalation risks have also been documented due to insufficient permission controls. Notable security characteristics include its web interface, which has been a common attack vector. The project maintains a moderate CVE count with four recorded vulnerabilities, though no major public incidents have been widely reported. Security remains a concern given its network-facing deployment and complex configuration requirements.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-47533 | Cobbler allows anyone to connect to cobbler XML-RPC server with a known password and make changes — cobblerCWE-287 | 9.8 | Critical | 2024-11-18 |
| CVE-2022-0860 | Improper Authorization in cobbler/cobbler — cobbler/cobblerCWE-285 | 9.1 | - | 2022-03-11 |
| CVE-2011-4954 | Cobbler 安全漏洞 — cobbler | 7.8 | - | 2019-11-19 |
| CVE-2011-4952 | Cobbler 跨站请求伪造漏洞 — cobbler | 8.8 | - | 2019-11-19 |
This page lists every published CVE security advisory associated with cobbler. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.