Lucene search
RedhatCVE-2010-2235HistoryDec 09, 2010 - 8:00 p.m.
CVE-2010-2235
2010-12-0920:00:17
CWE-94
redhat
web.nvd.nist.gov
30
cobbler
cve-2010-2235
red hat network satellite server
information security
vulnerability
python
template engine
remote code execution
CVSS2
8.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
AI Score
7.1
Confidence
Low
EPSS
0.006
Percentile
78.6%
template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954.
Affected configurations
Node
michael_dehaancobblerRange≤2.0.4
ORmichael_dehaancobblerMatch0.1.1.7
ORmichael_dehaancobblerMatch0.2.1
ORmichael_dehaancobblerMatch0.2.2
ORmichael_dehaancobblerMatch0.2.3
ORmichael_dehaancobblerMatch0.2.5
ORmichael_dehaancobblerMatch0.2.7
ORmichael_dehaancobblerMatch0.2.8
ORmichael_dehaancobblerMatch0.2.9
ORmichael_dehaancobblerMatch0.3.0
ORmichael_dehaancobblerMatch0.3.1
ORmichael_dehaancobblerMatch0.3.3
ORmichael_dehaancobblerMatch0.3.4
ORmichael_dehaancobblerMatch0.3.5
ORmichael_dehaancobblerMatch0.3.6
ORmichael_dehaancobblerMatch0.3.7
ORmichael_dehaancobblerMatch0.3.9
ORmichael_dehaancobblerMatch0.4.0
ORmichael_dehaancobblerMatch0.4.2
ORmichael_dehaancobblerMatch0.4.3
ORmichael_dehaancobblerMatch0.4.5
ORmichael_dehaancobblerMatch0.4.6
ORmichael_dehaancobblerMatch0.4.7
ORmichael_dehaancobblerMatch0.4.8
ORmichael_dehaancobblerMatch0.5.0
ORmichael_dehaancobblerMatch0.6.0
ORmichael_dehaancobblerMatch0.6.1
ORmichael_dehaancobblerMatch0.6.3
ORmichael_dehaancobblerMatch0.6.4
ORmichael_dehaancobblerMatch0.6.5
ORmichael_dehaancobblerMatch0.8.1
ORmichael_dehaancobblerMatch0.8.3
ORmichael_dehaancobblerMatch1.0.0
ORmichael_dehaancobblerMatch1.0.2
ORmichael_dehaancobblerMatch1.0.2-1
ORmichael_dehaancobblerMatch1.0.3-1
ORmichael_dehaancobblerMatch1.2.0
ORmichael_dehaancobblerMatch1.2.2
ORmichael_dehaancobblerMatch1.2.3
ORmichael_dehaancobblerMatch1.2.5
ORmichael_dehaancobblerMatch1.2.6
ORmichael_dehaancobblerMatch1.2.7
ORmichael_dehaancobblerMatch1.2.8
ORmichael_dehaancobblerMatch1.2.8-1
ORmichael_dehaancobblerMatch1.2.9
ORmichael_dehaancobblerMatch1.2.9-1
ORmichael_dehaancobblerMatch1.3.1
ORmichael_dehaancobblerMatch1.3.1-1
ORmichael_dehaancobblerMatch1.3.3
ORmichael_dehaancobblerMatch1.3.3-1
ORmichael_dehaancobblerMatch1.3.4
ORmichael_dehaancobblerMatch1.3.4-1
ORmichael_dehaancobblerMatch1.4.0
ORmichael_dehaancobblerMatch1.4.0-2
ORmichael_dehaancobblerMatch1.4.1
ORmichael_dehaancobblerMatch1.4.1-1
ORmichael_dehaancobblerMatch1.4.2
ORmichael_dehaancobblerMatch1.4.2-1
ORmichael_dehaancobblerMatch1.4.3
ORmichael_dehaancobblerMatch1.4.3-4
ORmichael_dehaancobblerMatch1.6.1
ORmichael_dehaancobblerMatch1.6.1-1
ORmichael_dehaancobblerMatch1.6.2
ORmichael_dehaancobblerMatch1.6.2-1
ORmichael_dehaancobblerMatch1.6.3
ORmichael_dehaancobblerMatch1.6.3-1
ORmichael_dehaancobblerMatch1.6.4
ORmichael_dehaancobblerMatch1.6.4-1
ORmichael_dehaancobblerMatch1.6.5
ORmichael_dehaancobblerMatch1.6.5-1
ORmichael_dehaancobblerMatch1.6.6
ORmichael_dehaancobblerMatch1.6.6-1
ORmichael_dehaancobblerMatch1.6.8
ORmichael_dehaancobblerMatch1.6.8-1
ORmichael_dehaancobblerMatch2.0.0
ORmichael_dehaancobblerMatch2.0.0-1
ORmichael_dehaancobblerMatch2.0.1
ORmichael_dehaancobblerMatch2.0.1-1
ORmichael_dehaancobblerMatch2.0.3
ORmichael_dehaancobblerMatch2.0.3.1
ORmichael_dehaancobblerMatch2.0.3.1-2
ORmichael_dehaancobblerMatch2.0.4-1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| michael_dehaan | cobbler | * | cpe:2.3:a:michael_dehaan:cobbler:*:*:*:*:*:*:*:* |
| michael_dehaan | cobbler | 0.1.1.7 | cpe:2.3:a:michael_dehaan:cobbler:0.1.1.7:*:*:*:*:*:*:* |
| michael_dehaan | cobbler | 0.2.1 | cpe:2.3:a:michael_dehaan:cobbler:0.2.1:*:*:*:*:*:*:* |
| michael_dehaan | cobbler | 0.2.2 | cpe:2.3:a:michael_dehaan:cobbler:0.2.2:*:*:*:*:*:*:* |
| michael_dehaan | cobbler | 0.2.3 | cpe:2.3:a:michael_dehaan:cobbler:0.2.3:*:*:*:*:*:*:* |
| michael_dehaan | cobbler | 0.2.5 | cpe:2.3:a:michael_dehaan:cobbler:0.2.5:*:*:*:*:*:*:* |
| michael_dehaan | cobbler | 0.2.7 | cpe:2.3:a:michael_dehaan:cobbler:0.2.7:*:*:*:*:*:*:* |
| michael_dehaan | cobbler | 0.2.8 | cpe:2.3:a:michael_dehaan:cobbler:0.2.8:*:*:*:*:*:*:* |
| michael_dehaan | cobbler | 0.2.9 | cpe:2.3:a:michael_dehaan:cobbler:0.2.9:*:*:*:*:*:*:* |
| michael_dehaan | cobbler | 0.3.0 | cpe:2.3:a:michael_dehaan:cobbler:0.3.0:*:*:*:*:*:*:* |
Related
osv
osv
Cobbler is vulnerable to code injection
2022-05-17 05:45:48
cvelist
cvelist
CVE-2010-2235
2010-12-09 19:00:00
CVE-2008-6954
2009-08-12 10:00:00
prion
prion
Design/Logic Flaw
2010-12-09 20:00:00
Code injection
2009-08-12 10:30:00
github
github
Cobbler is vulnerable to code injection
2022-05-17 05:45:48
nvd
nvd
CVE-2010-2235
2010-12-09 20:00:17
CVE-2008-6954
2009-08-12 10:30:00
nessus
nessus
RHEL 4 / 5 : cobbler (RHSA-2010:0775)
2010-10-18 00:00:00
Fedora 9 : cobbler-1.2.9-1.fc9 (2008-9745)
2008-11-21 00:00:00
Fedora 8 : cobbler-1.2.9-1.fc8 (2008-9723)
2008-11-21 00:00:00
gitlab
gitlab
Improper Control of Generation of Code ('Code Injection')
2022-05-17 00:00:00
redhat
redhat
(RHSA-2010:0775) Important: cobbler security update
2010-10-18 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-04-10 00:47:40
openvas
openvas
Fedora Update for cobbler FEDORA-2008-9723
2009-02-17 00:00:00
Fedora Update for cobbler FEDORA-2008-9745
2009-02-17 00:00:00
Fedora Update for cobbler FEDORA-2008-9745
2009-02-17 00:00:00
cve
cve
CVE-2008-6954
2009-08-12 10:30:00
CVSS2
8.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
AI Score
7.1
Confidence
Low
EPSS
0.006
Percentile
78.6%
Related for CVE-2010-2235