Lucene search
GoogleOSV:GHSA-JHM7-38XJ-PVM8HistoryMay 17, 2022 - 5:45 a.m.
Cobbler is vulnerable to code injection
2022-05-1705:45:48
Google
osv.dev
3
0.007 Low
EPSS
Percentile
80.4%
template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954.
References
access.redhat.com/errata/RHSA-2010:0775
access.redhat.com/security/cve/CVE-2010-2235
bugzilla.redhat.com/show_bug.cgi?id=607662
github.com/cobbler/cobbler
nvd.nist.gov/vuln/detail/CVE-2010-2235
people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz
www.redhat.com/support/errata/RHSA-2010-0775.html
Related
prion
prion
Design/Logic Flaw
2010-12-09 20:00:00
Code injection
2009-08-12 10:30:00
cve
cve
CVE-2010-2235
2010-12-09 20:00:17
CVE-2008-6954
2009-08-12 10:30:00
github
github
Cobbler is vulnerable to code injection
2022-05-17 05:45:48
nvd
nvd
CVE-2010-2235
2010-12-09 20:00:17
CVE-2008-6954
2009-08-12 10:30:00
nessus
nessus
RHEL 4 / 5 : cobbler (RHSA-2010:0775)
2010-10-18 00:00:00
Fedora 9 : cobbler-1.2.9-1.fc9 (2008-9745)
2008-11-21 00:00:00
Fedora 8 : cobbler-1.2.9-1.fc8 (2008-9723)
2008-11-21 00:00:00
cvelist
cvelist
CVE-2010-2235
2010-12-09 19:00:00
CVE-2008-6954
2009-08-12 10:00:00
gitlab
gitlab
Improper Control of Generation of Code ('Code Injection')
2022-05-17 00:00:00
redhat
redhat
(RHSA-2010:0775) Important: cobbler security update
2010-10-18 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-04-10 00:47:40
osv
osv
openvas
openvas
Fedora Update for cobbler FEDORA-2008-9723
2009-02-17 00:00:00
Fedora Update for cobbler FEDORA-2008-9723
2009-02-17 00:00:00
Fedora Update for cobbler FEDORA-2008-9745
2009-02-17 00:00:00