Confirmed, with the following.  Marking medium, and tagging as a
security bug.  I'm not certain it exposes credentials, or anything else
highly privileged.  If this is not the case, please update the bug with
an example.

Thanks.

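#!/usr/bin/python
# Python 2 reproduction: no login() call is made and no token is passed,
# so every request below is unauthenticated.
import xmlrpclib
server = xmlrpclib.Server("http://127.0.0.1/cobbler_api")
# Each listing method returns its data without credentials.
print server.get_distros()
print server.get_profiles()
print server.get_systems()
print server.get_images()
print server.get_repos()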


** Changed in: cobbler (Ubuntu)
   Importance: High => Medium

** Also affects: cobbler (Ubuntu Oneiric)
   Importance: Medium
       Status: New

** Also affects: cobbler (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Changed in: cobbler (Ubuntu Oneiric)
       Status: New => Confirmed

** Changed in: cobbler (Ubuntu Precise)
       Status: New => Confirmed

** Changed in: cobbler (Ubuntu Precise)
   Importance: Undecided => Medium

** Changed in: cobbler (Ubuntu Oneiric)
    Milestone: None => oneiric-updates

** Changed in: cobbler (Ubuntu Precise)
    Milestone: None => precise-alpha-1

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cobbler in Ubuntu.
https://bugs.launchpad.net/bugs/858867

Title:
  XMLRPC  allows unauthed users access to various methods (which it
  shouldn't)
