oss-sec mailing list archives
CVE request: cobbler lack of csrf protection, code execution
From: David Black <disclosure () d1b org>
Date: Thu, 12 Apr 2012 19:39:31 +1000
Hi,

I reported some bugs a while ago in cobbler which never received a CVE ID, could the following bugs receive a CVE ID?

1. lack of csrf protection in the cobbler web interface (vulnerable to csrf attacks)
   https://bugs.launchpad.net/ubuntu/oneiric/+source/cobbler/+bug/858878

2. code execution on the cobbler host through use of yaml.loads on potentially untrusted user input
   https://bugs.launchpad.net/ubuntu/oneiric/+source/cobbler/+bug/858883

-- Thank you.