CVE-2024-47533 is a critical authentication bypass vulnerability in Cobbler, a Linux installation server that automates network-based OS installs.
The flaw is caused by a bug in utils.get_shared_secret(), which always returns -1 instead of the real shared secret, enabling unauthenticated access to the Cobbler XML-RPC API.
An attacker can connect with:
- Username: "" (empty string)
- Password: -1
This grants administrator-level access to perform actions like adding distros, managing profiles, or executing system commands via Cobbler.
- Affected Versions: 3.0.0 up to (but not including) 3.2.3, and 3.3.0 up to (but not including) 3.3.7
- Patched Versions: 3.2.3 and 3.3.7
- CVSS Score: 9.8 (Critical)
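As an added example (not code from this repository or from the Cobbler project), the following Python helper turns the affected-version ranges listed above into an inventory check for patch triage. It assumes version strings are dotted numerics with an optional prefix `v`, an optional package revision such as `-1`, and an optional pre-release tag (`a`, `b`, `rc`, `dev`); pre-releases are assumed to sort below the final release, so `3.2.3rc1` is reported as affected while `3.2.3` is not.

```python
"""Inventory check for CVE-2024-47533 (added example, not Cobbler project code).

Affected ranges come from this README:
    >= 3.0.0 and < 3.2.3, or >= 3.3.0 and < 3.3.7
"""
import re
from typing import Dict, Iterable, Tuple

# Version key: (major, minor, patch, release_flag); release_flag is -1 for a
# pre-release (a/b/rc/dev) and 0 for a final release, so pre-releases sort
# just below the final release with the same number (assumption).
VersionKey = Tuple[int, int, int, int]

# Inclusive lower bound, exclusive upper bound, taken from the README.
AFFECTED_RANGES: Tuple[Tuple[VersionKey, VersionKey], ...] = (
    ((3, 0, 0, 0), (3, 2, 3, 0)),
    ((3, 3, 0, 0), (3, 3, 7, 0)),
)

_VERSION_RE = re.compile(
    r"^\s*v?(?P<major>\d+)\.(?P<minor>\d+)(?:\.(?P<patch>\d+))?"
    r"(?P<pre>[.-]?(?:a|b|rc|dev)\d*)?"
)


def parse_version(version: str) -> VersionKey:
    """Parse 'MAJOR.MINOR[.PATCH][pre-release]' into a comparable key.

    A trailing package revision such as '-1' is ignored (assumed to be a
    distro build number, not a Cobbler release number).
    """
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major = int(m.group("major"))
    minor = int(m.group("minor"))
    patch = int(m.group("patch") or 0)
    release_flag = -1 if m.group("pre") else 0
    return (major, minor, patch, release_flag)


def is_affected(version: str) -> bool:
    """True if the version falls inside one of the affected ranges."""
    key = parse_version(version)
    return any(lo <= key < hi for lo, hi in AFFECTED_RANGES)


def triage(versions: Iterable[str]) -> Dict[str, str]:
    """Map each version string to 'AFFECTED' or 'patched/not-affected'."""
    return {
        v: ("AFFECTED" if is_affected(v) else "patched/not-affected")
        for v in versions
    }


if __name__ == "__main__":
    # Constructed sample inventory (not real hosts).
    sample = ["2.8.5", "3.0.0", "3.2.2-1", "3.2.3rc1", "3.2.3",
              "3.3.0", "3.3.6", "3.3.7", "3.4.0"]
    for ver, status in triage(sample).items():
        print(f"{ver:10} {status}")
```

Feed it the output of `cobbler version` or the package manager's installed-version string; anything reported as AFFECTED should be upgraded to 3.2.3 or 3.3.7 (or later), and in the meantime the XML-RPC endpoint should not be reachable from untrusted networks.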
This repository is for educational and authorized security testing only.
Do NOT run this exploit on systems you do not own or have explicit permission to test.
The author(s) are not responsible for any misuse.