Critical severity9.8NVD Advisory· Published Aug 9, 2018· Updated Jun 17, 2026
CVE-2018-10931
CVE-2018-10931
Description
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cobblerPyPI | >= 2.6.0, < 3.0.0 | 3.0.0 |
Affected products
13- ghsa-coords12 versionspkg:pypi/cobblerpkg:rpm/opensuse/cobbler&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/cobbler&distro=openSUSE%20Tumbleweedpkg:rpm/suse/cobbler&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/cobbler&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-CLIENT-TOOLSpkg:rpm/suse/cobbler&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-CLIENT-TOOLSpkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%203.0pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/cobbler&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/cobbler&distro=SUSE%20Package%20Hub%2015%20SP2
>= 2.6.0, < 3.0.0+ 11 more
- (no CPE)range: >= 2.6.0, < 3.0.0
- (no CPE)range: < 3.1.2-lp152.6.3.1
- (no CPE)range: < 3.2.1.336+git.5639a3af-1.1
- (no CPE)range: < 2.6.6-49.14.1
- (no CPE)range: < 2.2.2-0.68.6.1
- (no CPE)range: < 2.2.2-0.68.6.1
- (no CPE)range: < 2.6.6-49.14.1
- (no CPE)range: < 2.6.6-49.14.1
- (no CPE)range: < 2.6.6-5.17.1
- (no CPE)range: < 2.6.6-6.7.1
- (no CPE)range: < 2.6.6-49.14.1
- (no CPE)range: < 3.1.2-bp152.4.3.1
- The Cobbler Project/cobblerv5Range: 2.6.x
Patches
Vulnerability mechanics
References
16- access.redhat.com/errata/RHSA-2018:2372nvdThird Party AdvisoryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingMitigationThird Party AdvisoryWEB
- github.com/advisories/GHSA-8787-63px-3m23ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-10931ghsaADVISORY
- access.redhat.com/security/cve/CVE-2018-10931ghsaWEB
- bugzilla.redhat.com/show_bug.cgighsaWEB
- github.com/cobbler/cobbler/commit/1b91a3d3ac87c31d9dac2307513feb2aa49620a6ghsaWEB
- github.com/cobbler/cobbler/issues/1916ghsaWEB
- github.com/cobbler/cobbler/pull/1921ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5Q4ACIVZ5D4KSUDLGRTOKGGB4U42SDghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMWK5KCCZXOGOYNR2H6BWDSABTQ5NYJAghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5Q4ACIVZ5D4KSUDLGRTOKGGB4U42SDghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMWK5KCCZXOGOYNR2H6BWDSABTQ5NYJAghsaWEB
- movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-apighsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5Q4ACIVZ5D4KSUDLGRTOKGGB4U42SD/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMWK5KCCZXOGOYNR2H6BWDSABTQ5NYJA/nvd
News mentions
0No linked articles in our index yet.