Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qaG03LTM4eGotcHZtOM4AAgFD
Cobbler is vulnerable to code injection
template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954.
Permalink: https://github.com/advisories/GHSA-jhm7-38xj-pvm8JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qaG03LTM4eGotcHZtOM4AAgFD
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
Identifiers: GHSA-jhm7-38xj-pvm8, CVE-2010-2235
References:
- https://nvd.nist.gov/vuln/detail/CVE-2010-2235
- https://bugzilla.redhat.com/show_bug.cgi?id=607662
- https://access.redhat.com/errata/RHSA-2010:0775
- https://access.redhat.com/security/cve/CVE-2010-2235
- https://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz
- https://www.redhat.com/support/errata/RHSA-2010-0775.html
- https://github.com/advisories/GHSA-jhm7-38xj-pvm8
Affected Packages
pypi:cobbler
Dependent packages: 0Dependent repositories: 11
Downloads: 229 last month
Affected Version Ranges: < 2.0.7
Fixed in: 2.0.7
All affected versions:
All unaffected versions: 3.1.2, 3.2.1, 3.2.2, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4