[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-10931":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":25,"duplicate_of":9,"upstream":27,"downstream":28,"duplicates":49,"related":50,"reserved_at":9,"published_at":58,"modified_at":59,"state":60,"summary":61,"references_raw":70,"kevs":147,"epss":148,"epss_history":151,"metrics":372,"affected":385},"CVE-2018-10931","It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-749","Exposed Dangerous Method or Function","The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.","weakness","Incomplete","Base","Low",[20],{"id":21,"name":22,"techniques":23},"CAPEC-500","WebView Injection",[],[],[26],"GHSA-8787-63px-3m23",[],[29,31,33,35,37,39,41,43,45,47],{"_key":30},"RHSA-2018:2372",{"_key":32},"SUSE-SU-2018:2550-1",{"_key":34},"SUSE-SU-2018:2551-1",{"_key":36},"SUSE-SU-2018:2561-1",{"_key":38},"SUSE-SU-2018:2608-1",{"_key":40},"OPENSUSE-SU-2021:0058-1",{"_key":42},"UBUNTU-CVE-2018-10931",{"_key":44},"OPENSUSE-SU-2021:0046-1",{"_key":46},"OPENSUSE-SU-2024:10690-1",{"_key":48},"USN-6475-1",[],[51,52,53,54,55,56,57],{"_key":32},{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":44},{"_key":46},"2018-08-09T20:00:00.000Z","2024-08-05T07:54:35.798Z","Modified",{"cisa_kev":62,"cisa_ransomware":62,"cisa_vendor":9,"epss_severity":63,"epss_score":64,"severity":65,"severity_score":66,"severity_version":67,"severity_source":68,"severity_vector":69,"severity_status":60},false,"high",0.36048,"critical",9.8,"v3.0","cve.org","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[71,82,88,93,97,102,106,110,114,118,122,127,131,135,139,143],{"url":72,"sources":73,"tags":76},"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10931",[68,74,75],"nvd","osv_pypi",[77,78,79,80,81],"X Refsource CONFIRM","Issue Tracking","Mitigation","Third Party Advisory","WEB",{"url":83,"sources":84,"tags":85},"https://access.redhat.com/errata/RHSA-2018:2372",[68,74,75],[86,87,80,81],"Vendor Advisory","X Refsource REDHAT",{"url":89,"sources":90,"tags":91},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMWK5KCCZXOGOYNR2H6BWDSABTQ5NYJA/",[68,74],[86,92],"X Refsource FEDORA",{"url":94,"sources":95,"tags":96},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5Q4ACIVZ5D4KSUDLGRTOKGGB4U42SD/",[68,74],[86,92],{"url":98,"sources":99,"tags":100},"https://nvd.nist.gov/vuln/detail/CVE-2018-10931",[75],[101],"Advisory",{"url":103,"sources":104,"tags":105},"https://github.com/cobbler/cobbler/issues/1916",[75],[81],{"url":107,"sources":108,"tags":109},"https://github.com/cobbler/cobbler/pull/1921",[75],[81],{"url":111,"sources":112,"tags":113},"https://github.com/cobbler/cobbler/commit/1b91a3d3ac87c31d9dac2307513feb2aa49620a6",[75],[81],{"url":115,"sources":116,"tags":117},"https://access.redhat.com/security/cve/CVE-2018-10931",[75],[81],{"url":119,"sources":120,"tags":121},"https://bugzilla.redhat.com/show_bug.cgi?id=1613861",[75],[81],{"url":123,"sources":124,"tags":125},"https://github.com/cobbler/cobbler",[75],[126],"PACKAGE",{"url":128,"sources":129,"tags":130},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5Q4ACIVZ5D4KSUDLGRTOKGGB4U42SD",[75],[81],{"url":132,"sources":133,"tags":134},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMWK5KCCZXOGOYNR2H6BWDSABTQ5NYJA",[75],[81],{"url":136,"sources":137,"tags":138},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5Q4ACIVZ5D4KSUDLGRTOKGGB4U42SD",[75],[81],{"url":140,"sources":141,"tags":142},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMWK5KCCZXOGOYNR2H6BWDSABTQ5NYJA",[75],[81],{"url":144,"sources":145,"tags":146},"https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api",[75],[81],[],{"date":149,"score":64,"percentile":150},"2026-06-04",0.97181,[152,156,159,161,164,166,168,170,172,174,177,179,182,184,186,190,192,195,198,200,203,206,208,210,212,214,216,218,221,224,227,229,231,233,235,238,240,243,246,249,251,253,255,257,260,263,265,267,269,271,273,276,279,281,284,287,289,291,293,296,298,300,303,305,307,310,313,316,319,321,323,325,327,329,331,334,337,340,342,345,347,350,352,354,357,359,362,365,367,369],{"date":153,"score":154,"percentile":155},"2025-11-04",0.67782,0.98503,{"date":157,"score":154,"percentile":158},"2025-11-05",0.98501,{"date":160,"score":154,"percentile":158},"2025-11-06",{"date":162,"score":154,"percentile":163},"2025-11-07",0.985,{"date":165,"score":154,"percentile":158},"2025-11-08",{"date":167,"score":154,"percentile":158},"2025-11-09",{"date":169,"score":154,"percentile":158},"2025-11-10",{"date":171,"score":154,"percentile":163},"2025-11-11",{"date":173,"score":154,"percentile":155},"2025-11-12",{"date":175,"score":154,"percentile":176},"2025-11-13",0.98505,{"date":178,"score":154,"percentile":176},"2025-11-14",{"date":180,"score":154,"percentile":181},"2025-11-15",0.98504,{"date":183,"score":154,"percentile":176},"2025-11-16",{"date":185,"score":154,"percentile":176},"2025-11-17",{"date":187,"score":188,"percentile":189},"2025-11-18",0.46213,0.97504,{"date":191,"score":188,"percentile":189},"2025-11-19",{"date":193,"score":188,"percentile":194},"2025-11-20",0.97508,{"date":196,"score":154,"percentile":197},"2025-11-21",0.98502,{"date":199,"score":154,"percentile":163},"2025-11-22",{"date":201,"score":154,"percentile":202},"2025-11-23",0.98499,{"date":204,"score":154,"percentile":205},"2025-11-24",0.98498,{"date":207,"score":154,"percentile":163},"2025-11-25",{"date":209,"score":154,"percentile":163},"2025-11-26",{"date":211,"score":154,"percentile":163},"2025-11-27",{"date":213,"score":154,"percentile":163},"2025-11-28",{"date":215,"score":154,"percentile":197},"2025-11-29",{"date":217,"score":154,"percentile":158},"2025-11-30",{"date":219,"score":154,"percentile":220},"2025-12-01",0.98516,{"date":222,"score":154,"percentile":223},"2025-12-02",0.98518,{"date":225,"score":154,"percentile":226},"2025-12-03",0.98519,{"date":228,"score":154,"percentile":181},"2025-12-04",{"date":230,"score":154,"percentile":176},"2025-12-05",{"date":232,"score":154,"percentile":176},"2025-12-06",{"date":234,"score":154,"percentile":176},"2025-12-07",{"date":236,"score":154,"percentile":237},"2025-12-08",0.98506,{"date":239,"score":154,"percentile":237},"2025-12-09",{"date":241,"score":154,"percentile":242},"2025-12-10",0.98508,{"date":244,"score":154,"percentile":245},"2025-12-11",0.98509,{"date":247,"score":154,"percentile":248},"2025-12-12",0.9851,{"date":250,"score":154,"percentile":245},"2025-12-13",{"date":252,"score":154,"percentile":245},"2025-12-14",{"date":254,"score":154,"percentile":245},"2025-12-15",{"date":256,"score":154,"percentile":248},"2025-12-16",{"date":258,"score":154,"percentile":259},"2025-12-17",0.98512,{"date":261,"score":154,"percentile":262},"2025-12-18",0.98511,{"date":264,"score":154,"percentile":262},"2025-12-19",{"date":266,"score":154,"percentile":262},"2025-12-20",{"date":268,"score":154,"percentile":262},"2025-12-21",{"date":270,"score":154,"percentile":259},"2025-12-22",{"date":272,"score":154,"percentile":259},"2025-12-23",{"date":274,"score":154,"percentile":275},"2025-12-24",0.98513,{"date":277,"score":154,"percentile":278},"2025-12-25",0.98514,{"date":280,"score":154,"percentile":278},"2025-12-26",{"date":282,"score":154,"percentile":283},"2025-12-27",0.9853,{"date":285,"score":154,"percentile":286},"2025-12-28",0.98515,{"date":288,"score":154,"percentile":286},"2025-12-29",{"date":290,"score":154,"percentile":286},"2025-12-30",{"date":292,"score":154,"percentile":220},"2025-12-31",{"date":294,"score":154,"percentile":295},"2026-01-01",0.98531,{"date":297,"score":154,"percentile":295},"2026-01-02",{"date":299,"score":154,"percentile":283},"2026-01-03",{"date":301,"score":154,"percentile":302},"2026-01-04",0.98517,{"date":304,"score":154,"percentile":302},"2026-01-05",{"date":306,"score":154,"percentile":226},"2026-01-06",{"date":308,"score":154,"percentile":309},"2026-01-07",0.9852,{"date":311,"score":154,"percentile":312},"2026-01-08",0.98521,{"date":314,"score":154,"percentile":315},"2026-01-09",0.98522,{"date":317,"score":154,"percentile":318},"2026-01-10",0.98523,{"date":320,"score":154,"percentile":318},"2026-01-11",{"date":322,"score":154,"percentile":315},"2026-01-12",{"date":324,"score":154,"percentile":312},"2026-01-13",{"date":326,"score":154,"percentile":315},"2026-01-14",{"date":328,"score":154,"percentile":318},"2026-01-15",{"date":330,"score":154,"percentile":318},"2026-01-16",{"date":332,"score":154,"percentile":333},"2026-01-17",0.98525,{"date":335,"score":154,"percentile":336},"2026-01-18",0.98526,{"date":338,"score":154,"percentile":339},"2026-01-19",0.98528,{"date":341,"score":154,"percentile":339},"2026-01-20",{"date":343,"score":154,"percentile":344},"2026-01-21",0.98529,{"date":346,"score":154,"percentile":283},"2026-01-22",{"date":348,"score":154,"percentile":349},"2026-01-23",0.98532,{"date":351,"score":154,"percentile":349},"2026-01-24",{"date":353,"score":154,"percentile":349},"2026-01-25",{"date":355,"score":154,"percentile":356},"2026-01-26",0.98534,{"date":358,"score":154,"percentile":356},"2026-01-27",{"date":360,"score":154,"percentile":361},"2026-01-28",0.98535,{"date":363,"score":154,"percentile":364},"2026-01-29",0.98536,{"date":366,"score":154,"percentile":364},"2026-01-30",{"date":368,"score":154,"percentile":364},"2026-01-31",{"date":370,"score":154,"percentile":371},"2026-02-01",0.98548,[373,377,383],{"source":68,"cvss_v2_0":9,"cvss_v3_0":374,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":66,"baseSeverity":375,"vectorString":69,"impactScore":66,"exploitabilityScore":376},"CRITICAL",10,{"source":74,"cvss_v2_0":378,"cvss_v3_0":382,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":379,"baseSeverity":9,"vectorString":380,"impactScore":381,"exploitabilityScore":376},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,{"baseScore":66,"baseSeverity":375,"vectorString":69,"impactScore":66,"exploitabilityScore":376},{"source":75,"cvss_v2_0":9,"cvss_v3_0":384,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":66,"baseSeverity":9,"vectorString":69,"impactScore":66,"exploitabilityScore":376},[386,398,407,417],{"ecosystem":9,"name":387,"vendor":388,"product":387,"cpe_part":389,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":390},"cobbler","cobbler_project","a",[391],{"version":392,"is_range":393,"range_type":394,"version_start":395,"version_start_type":396,"version_end":397,"version_end_type":396,"fixed_in":9},"gte2.6.0_lte2.6.11",true,"cpe","2.6.0","including","2.6.11",{"ecosystem":399,"name":387,"vendor":399,"product":387,"cpe_part":9,"purl_type":400,"purl_namespace":9,"purl_name":387,"source":9,"versions":401},"PyPI","pypi",[402],{"version":403,"is_range":393,"range_type":404,"version_start":395,"version_start_type":396,"version_end":405,"version_end_type":406,"fixed_in":9},"gte2_6_0_lt3_0_0","ecosystem","3.0.0","excluding",{"ecosystem":9,"name":408,"vendor":409,"product":408,"cpe_part":389,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":410},"satellite","redhat",[411,413,415],{"version":412,"is_range":62,"range_type":394,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.6",{"version":414,"is_range":62,"range_type":394,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.7",{"version":416,"is_range":62,"range_type":394,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.8",{"ecosystem":9,"name":387,"vendor":418,"product":387,"cpe_part":389,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":419},"the cobbler project",[420],{"version":421,"is_range":393,"range_type":68,"version_start":395,"version_start_type":396,"version_end":422,"version_end_type":406,"fixed_in":9},"2.6.x","2.7.0"]