
CVE-2018-1000226: Cobbler Improper Validation of Security Tokens

CVSS Score: 9.8 (CVSS v3.0)

Basic Information

EPSS Score: 0.98844%
Published: 5/13/2022
Updated: 10/6/2023
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
cobbler      | pip       | <= 2.6.11           | 3.0.0

Vulnerability Intelligence
Root Cause Analysis (Miggo AI)

The vulnerability stems from XML-RPC methods that accept a security token parameter but never validate it, so any caller who can reach the endpoint gets the behaviour of an authenticated user. GitHub issue #1916 uses modify_setting() and get_systems() as concrete examples of this pattern: the token is declared in the method signature but plays no part in authorizing the call. upload_log_data() becomes exploitable indirectly, because the settings that act as its guardrails can first be changed through the unauthenticated modify_setting(). All of these methods belong to the CobblerXMLRPCInterface class exposed at /cobbler_api, and the referenced blog post and issue walk through concrete exploit scenarios against these endpoints.
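The pattern described above, as an added example (illustrative Python written for this page, not Cobbler's source): a hypothetical XML-RPC interface whose get_systems() and modify_setting() accept a token but never check it, the hardened form that validates the token against tokens issued by login(), and a loopback probe that detects the missing check the way you would test a live /cobbler_api endpoint. The class names, DEMO_PASSWORD, the max_log_size setting standing in for an upload guardrail, and the sample system names are all assumptions.

```python
import secrets
import threading
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCRequestHandler, SimpleXMLRPCServer

DEMO_PASSWORD = "correct horse"  # assumption: a fixed demo credential, not a Cobbler default


class AuthError(Exception):
    """Raised when a token is missing or unknown (surfaces as an XML-RPC Fault on the wire)."""


class VulnerableInterface:
    """Hypothetical interface mirroring the pattern on the page:
    every method declares a `token` argument but never checks it."""

    def __init__(self):
        self.tokens = {}                        # token -> user
        self.settings = {"max_log_size": 1024}  # assumed guardrail for an upload method
        self.systems = ["node01", "node02"]     # constructed sample data

    def login(self, user, password):
        if not secrets.compare_digest(password, DEMO_PASSWORD):
            raise AuthError("bad credentials")
        token = secrets.token_hex(16)
        self.tokens[token] = user
        return token

    def get_systems(self, token=None):          # token accepted, never used
        return self.systems

    def modify_setting(self, name, value, token=None):  # token accepted, never used
        self.settings[name] = value
        return True


class HardenedInterface(VulnerableInterface):
    """Same methods, each gated on a token that login() actually issued."""

    def _require_token(self, token):            # leading underscore: not exported by the server
        if not isinstance(token, str) or token not in self.tokens:
            raise AuthError("invalid or missing token")
        return self.tokens[token]

    def get_systems(self, token=None):
        self._require_token(token)
        return self.systems

    def modify_setting(self, name, value, token=None):
        self._require_token(token)
        self.settings[name] = value
        return True


class CobblerStyleHandler(SimpleXMLRPCRequestHandler):
    rpc_paths = ("/cobbler_api",)               # the endpoint path named on the page


def serve(interface):
    """Start `interface` on a loopback XML-RPC server in a background thread."""
    server = SimpleXMLRPCServer(("127.0.0.1", 0), requestHandler=CobblerStyleHandler,
                                logRequests=False, allow_none=True)
    server.register_instance(interface)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address
    return server, f"http://{host}:{port}/cobbler_api"


def accepts_bogus_token(url, method, *args):
    """True if `method` succeeds with a garbage token appended to its arguments,
    i.e. the server does not validate the token at all."""
    proxy = xmlrpc.client.ServerProxy(url, allow_none=True)
    try:
        getattr(proxy, method)(*args, "not-a-real-token")
        return True
    except xmlrpc.client.Fault:
        return False


def run_demo():
    """Probe both interfaces and report what a caller with no valid token can do."""
    results = {}
    for name, iface in (("vulnerable", VulnerableInterface()),
                        ("hardened", HardenedInterface())):
        server, url = serve(iface)
        try:
            proxy = xmlrpc.client.ServerProxy(url, allow_none=True)
            token = proxy.login("admin", DEMO_PASSWORD)
            results[name] = {
                "get_systems_with_bogus_token": accepts_bogus_token(url, "get_systems"),
                "modify_setting_with_bogus_token": accepts_bogus_token(
                    url, "modify_setting", "max_log_size", 10 ** 9),
                "max_log_size_after_probe": iface.settings["max_log_size"],
                "get_systems_with_valid_token": proxy.get_systems(token),
            }
        finally:
            server.shutdown()
            server.server_close()
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```

Against the vulnerable interface the probe reads the system list and raises max_log_size with a made-up token, which is exactly the chain the analysis describes (an unauthenticated modify_setting() loosening the guardrail of a later call). The hardened interface rejects both calls with a Fault while still serving a caller that presents a token from login(). The same accepts_bogus_token() check, pointed at a real host's /cobbler_api, is the quickest way to confirm whether a deployment validates tokens.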
