{"containers": {"cna": {"affected": [{"product": "cobbler", "vendor": "cobbler", "versions": [{"status": "affected", "version": "2011-09-28"}]}], "descriptions": [{"lang": "en", "value": "cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE"}], "problemTypes": [{"descriptions": [{"description": "Local privilege escalation due use of insecure (world writable) location for PYTHON_EGG_CACHE cache", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-19T15:41:37", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4954"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4954"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/cve-2011-4954"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2012/04/12/10"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2011-4954"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:23:38.937Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4954"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4954"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/cve-2011-4954"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/04/12/10"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2011-4954"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4954", "datePublished": "2019-11-19T15:41:37", "dateReserved": "2011-12-23T00:00:00", "dateUpdated": "2024-08-07T00:23:38.937Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cobblerd:cobbler:-:*:*:*:*:*:*:*", "matchCriteriaId": "8CFB14EA-6617-42FD-8D8E-743B0DF942EA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE"}, {"lang": "es", "value": "cobbler presenta una escalada de privilegios locales mediante el uso de una ubicaci\u00f3n no segura para PYTHON_EGG_CACHE."}], "id": "CVE-2011-4954", "lastModified": "2024-11-21T01:33:21.587", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-19T16:15:10.930", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/04/12/10"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2011-4954"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2011-4954"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4954"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4954"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/04/12/10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2011-4954"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2011-4954"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4954"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4954"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "cobbler: Local privilege escalation due use of insecure (world writable) location for PYTHON_EGG_CACHE cache", "id": "811926", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=811926"}, "csaw": false, "cvss": {"cvss_base_score": "6.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "status": "draft"}, "details": ["cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE"], "name": "CVE-2011-4954", "package_state": [{"cpe": "cpe:/a:redhat:network_satellite:5.4", "fix_state": "Not affected", "package_name": "Server", "product_name": "Red Hat Satellite 5.4"}], "public_date": "2011-09-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-4954\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-4954"], "statement": "This issue did not affect the version of cobbler as shipped with Red Hat Network Satellite Server 5.4 as it did not include the upstream commit be4fc806637cf8cec275fea80b892182879580eb that introduced this flaw.", "threat_severity": "Important"}