Comment 1 for bug 858867

Confirmed, with the following. Marking medium, and tagging as a security bug. I'm not certain it exposes credentials, or anything else highly privileged. If this is not the case, please update the bug with an example.

Thanks.

#!/usr/bin/python
import xmlrpclib
server = xmlrpclib.Server("http://127.0.0.1/cobbler_api")
print server.get_distros()
print server.get_profiles()
print server.get_systems()
print server.get_images()
print server.get_repos()