Lucene search
Veracode Vulnerability DatabaseVERACODE:24150HistoryApr 10, 2020 - 12:47 a.m.
Remote Code Execution (RCE)
2020-04-1000:47:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.007 Low
EPSS
Percentile
80.3%
Cobbler is vulnerable to Remote Code Execution (RCE). A code injection flaw was found in the way Cobbler processed templates for kickstart files. A remote, authenticated user, that has the Configuration Administrator role privilege, could use this flaw to create a specially-crafted kickstart template file containing embedded Python code that could, when processed by Cheetah, execute arbitrary code with root privileges on the Red Hat Network Satellite Server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cobbler | eq | 1.6.6__3.el4sat | |
| cobbler | eq | 1.6.6__3.el5sat | |
| cobbler | eq | 1.6.6__3.el4sat | |
| cobbler | eq | 1.6.6__3.el5sat |
References
Related
gitlab
gitlab
Improper Control of Generation of Code ('Code Injection')
2022-05-17 00:00:00
redhat
redhat
(RHSA-2010:0775) Important: cobbler security update
2010-10-18 00:00:00
prion
prion
Design/Logic Flaw
2010-12-09 20:00:00
cve
cve
CVE-2010-2235
2010-12-09 20:00:17
github
github
Cobbler is vulnerable to code injection
2022-05-17 05:45:48
cvelist
cvelist
CVE-2010-2235
2010-12-09 19:00:00
nvd
nvd
CVE-2010-2235
2010-12-09 20:00:17
nessus
nessus
RHEL 4 / 5 : cobbler (RHSA-2010:0775)
2010-10-18 00:00:00
osv
osv
Cobbler is vulnerable to code injection
2022-05-17 05:45:48