9.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-1000226

GHSA ID

GHSA-f88q-22g8-frcg

EPSS Score

0.98844%

CWE

CWE-732

Published

5/13/2022

Updated

10/6/2023

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-1000226

CVE-2018-1000226:
Cobbler Improper Validation of Security Tokens

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via "network connectivity". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.

(GitHub Advisory)

9.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-1000226

GHSA ID

GHSA-f88q-22g8-frcg

EPSS Score

0.98844%

CWE

CWE-732

Published

5/13/2022

Updated

10/6/2023

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
cobbler	pip	<= 2.6.11	3.0.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from API endpoints requiring security tokens that are never validated. The GitHub issue #1916 explicitly demonstrates modify_setting() and get_systems() as examples of this pattern, where token parameters are declared but unused for authentication. The upload_log_data() function becomes exploitable due to the ability to manipulate its guardrails via modify_setting(). These functions are part of the CobblerXMLRPCInterface class exposed via /cobbler_api, and the blog post/issue demonstrate concrete exploit scenarios for these endpoints.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*o**l*r v*rsion V*ri*i** *s pr*s*nt in *o**l*r v*rsions *.*.**+, *ut *o** insp**tion su***sts *t l**st *.*.*+ or possi*ly *v*n ol**r v*rsions m*y ** vuln*r**l* *ont*ins * In*orr**t ****ss *ontrol vuln*r**ility in XMLRP* *PI (/*o**l*r_*pi) t**t **n r*

Reasoning

T** vuln*r**ility st*ms *rom *PI *n*points r*quirin* s**urity tok*ns t**t *r* n*v*r v*li**t**. T** *it*u* issu* #**** *xpli*itly **monstr*t*s mo*i*y_s*ttin*() *n* **t_syst*ms() *s *x*mpl*s o* t*is p*tt*rn, w**r* tok*n p*r*m*t*rs *r* ***l*r** *ut unus

9.8

Basic Information

Concerned about an active attack path?

CVE-2018-1000226: Cobbler Improper Validation of Security Tokens

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2018-1000226:
Cobbler Improper Validation of Security Tokens

Vulnerability Intelligence
Miggo AI