Lucene search
GoogleOSV:GHSA-P8W2-F44P-FMCJHistoryMay 17, 2022 - 2:10 a.m.
Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability
2022-05-1702:10:02
Google
osv.dev
8
The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code with the root privileges in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.
References
freshmeat.net/projects/cobbler/releases/288374
exchange.xforce.ibmcloud.com/vulnerabilities/46625
github.com/cobbler/cobbler
nvd.nist.gov/vuln/detail/CVE-2008-6954
web.archive.org/web/20111227125913/secunia.com/advisories/32804
web.archive.org/web/20111227151912/secunia.com/advisories/32737
web.archive.org/web/20200228143518/www.securityfocus.com/bid/32317
www.redhat.com/archives/fedora-package-announce/2008-November/msg00462.html
www.redhat.com/archives/fedora-package-announce/2008-November/msg00485.html
Related
prion
prion
Code injection
2009-08-12 10:30:00
Design/Logic Flaw
2010-12-09 20:00:00
openvas
openvas
Fedora Update for cobbler FEDORA-2008-9745
2009-02-17 00:00:00
Fedora Update for cobbler FEDORA-2008-9745
2009-02-17 00:00:00
Fedora Update for cobbler FEDORA-2008-9723
2009-02-17 00:00:00
cve
cve
CVE-2008-6954
2009-08-12 10:30:00
CVE-2010-2235
2010-12-09 20:00:17
nessus
nessus
Fedora 8 : cobbler-1.2.9-1.fc8 (2008-9723)
2008-11-21 00:00:00
Fedora 9 : cobbler-1.2.9-1.fc9 (2008-9745)
2008-11-21 00:00:00
RHEL 4 / 5 : cobbler (RHSA-2010:0775)
2010-10-18 00:00:00
gitlab
gitlab
github
github
Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability
2022-05-17 02:10:02
Cobbler is vulnerable to code injection
2022-05-17 05:45:48
cvelist
cvelist
CVE-2008-6954
2009-08-12 10:00:00
CVE-2010-2235
2010-12-09 19:00:00
nvd
nvd
CVE-2008-6954
2009-08-12 10:30:00
CVE-2010-2235
2010-12-09 20:00:17
osv
osv
Cobbler is vulnerable to code injection
2022-05-17 05:45:48