Cobbler Command Injection Vulnerability (CNVD-2022-18324)

Cobbler is a network installation server suite that is primarily used to quickly set up Linux network installations. A command injection vulnerability exists in versions of Cobbler prior to 3.3.1, stemming from the checkforinvalidimports function in the templar.py file, which allows Cheetah code ...

Privilege Escalation

cobbler is vulnerable to privilege escalation. The vulnerability exists due to the lack of template sanitization in the checkforinvalidimports function of templar.py, allowing Cheetah code to import Python modules without permission...

GHSA-6CM4-GM85-972C Command Injection in Cobbler

An issue was discovered in Cobbler through 3.3.0. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...

Improper Neutralization of Special Elements used in a Command ('Command Injection')

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the from MODULE import substring. Only lines beginning with import are blocked...

Design/Logic Flaw

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...

CVE-2021-45082

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...

UBUNTU-CVE-2021-45082

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...

CVE-2021-45082

CVE-2021-45082 affects Cobbler prior to 3.3.1. The issue resides in templar.py, where the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring (only lines starting with #import are blocked). This could enable unintended module ...

Cobbler 命令注入漏洞

Cobbler is a network installation server suite that is primarily used to quickly set up Linux network installations. A command injection vulnerability exists in versions of Cobbler prior to 3.3.1, stemming from the checkforinvalidimports function in the templar.py file, which allows Cheetah code ...