What is CVE-2018-1000226?

CVE-2018-1000226 is a vulnerability in N/a. Published 2018-08-20.

Is CVE-2018-1000226 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-1000226

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api)…

EPSS: 0.600 (98.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/kenzer-templates

References

movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/ (x_refsource_MISC)
github.com/cobbler/cobbler/issues/1916 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-1000226?: CVE-2018-1000226 is a vulnerability in N/a. Published 2018-08-20.
Is CVE-2018-1000226 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.