hello, I would like to know whether this issue has been addressed before:
I have created a regular cobbler profile, nothing fancy. The only thing I did different is changing the 'Kickstart' value to the famous /etc/passwd file. After saving the profile, I went to 'View Kickstart' and managed to get all the passwd content. This issue allows any remote attacker to get the local users list and I am quite sure this can be classified as a security vulnerability. Please let me know as we have multiple cobbler instances here. -- df
_______________________________________________ cobbler mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/cobbler
