CVE-2014-3225 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2014-3225 Interim 1 13 2023-07-17T00:52:51Z current 2021-05-30T13:20:45Z 2023-07-17T00:52:51Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2014-3225 Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE Manager Client Tools for SLE 12 SUSE Manager Client Tools for SLE 15 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 openSUSE Tumbleweed cobbler cobbler-2.6.6-4.2 cobbler-tests-2.6.6-4.2 cobbler-web-2.6.6-4.2 koan koan-2.6.6-4.2 cobbler-2.6.6-4.2 as a component of openSUSE Tumbleweed cobbler-tests-2.6.6-4.2 as a component of openSUSE Tumbleweed cobbler-web-2.6.6-4.2 as a component of openSUSE Tumbleweed koan-2.6.6-4.2 as a component of openSUSE Tumbleweed cobbler as a component of HPE Helion OpenStack 8 cobbler as a component of SUSE Manager Client Tools for SLE 12 koan as a component of SUSE Manager Client Tools for SLE 15 cobbler as a component of SUSE OpenStack Cloud 8 cobbler as a component of SUSE OpenStack Cloud 9 Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile. CVE-2014-3225 openSUSE Tumbleweed:cobbler-2.6.6-4.2 openSUSE Tumbleweed:cobbler-tests-2.6.6-4.2 openSUSE Tumbleweed:cobbler-web-2.6.6-4.2 openSUSE Tumbleweed:koan-2.6.6-4.2 HPE Helion OpenStack 8:cobbler SUSE Manager Client Tools for SLE 12:cobbler SUSE Manager Client Tools for SLE 15:koan SUSE OpenStack Cloud 8:cobbler SUSE OpenStack Cloud 9:cobbler low 4 AV:N/AC:L/Au:S/C:P/I:N/A:N