Confirmed, with the following. Marking medium, and tagging as a security bug. I'm not certain it exposes credentials, or anything else highly privileged. If this is not the case, please update the bug with an example.
Thanks. #!/usr/bin/python import xmlrpclib server = xmlrpclib.Server("http://127.0.0.1/cobbler_api") print server.get_distros() print server.get_profiles() print server.get_systems() print server.get_images() print server.get_repos() ** Changed in: cobbler (Ubuntu) Importance: High => Medium ** Also affects: cobbler (Ubuntu Oneiric) Importance: Medium Status: New ** Also affects: cobbler (Ubuntu Precise) Importance: Undecided Status: New ** Changed in: cobbler (Ubuntu Oneiric) Status: New => Confirmed ** Changed in: cobbler (Ubuntu Precise) Status: New => Confirmed ** Changed in: cobbler (Ubuntu Precise) Importance: Undecided => Medium ** Changed in: cobbler (Ubuntu Oneiric) Milestone: None => oneiric-updates ** Changed in: cobbler (Ubuntu Precise) Milestone: None => precise-alpha-1 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/858867 Title: XMLRPC allows unauthed users access to various methods (which it shouldn't) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858867/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs