TL;DR: There are several privilege escalation vulnerabilities in Cobbler’s XMLRPC API. Many endpoints also do not validate the auth tokens passed to them, so the API is effectively unauthenticated. Consider using a firewall to restrict access to the /cobbler_api endpoint.
[Read More]
README badges are vulnerabilities
TL;DR: Badges are not magic. They are just image hotlinks, and therefore you need to be able to trust the third party who serves them.
[Read More]
Building Bots to mend Broken Badges (or how to get your GitHub account suspended)
TL;DR: Many badges were broken because they still pointed at the shuttered pypi.in site. I wrote a bot that could fix these and automatically submit pull requests with the changes, and then my GitHub account was suspended. Do not make automated, unsolicited pull requests.
[Read More]