oss-sec mailing list archives

CVE request: cobbler lack of csrf protection, code execution
From: David Black <disclosure () d1b org>
Date: Thu, 12 Apr 2012 19:39:31 +1000

Hi, I reported some bugs a while ago in cobbler which never received a
CVE ID; could the following bugs receive a CVE ID?
1. lack of csrf protection in the cobbler web interface (vulnerable to
csrf attacks) https://bugs.launchpad.net/ubuntu/oneiric/+source/cobbler/+bug/858878
2. code execution on the cobbler host through use of yaml.loads on
potentially untrusted user input
https://bugs.launchpad.net/ubuntu/oneiric/+source/cobbler/+bug/858883

--
Thank you.

