Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1qaG03LTM4eGotcHZtOM4AAgFD

Cobbler is vulnerable to code injection

template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954.

Permalink: https://github.com/advisories/GHSA-jhm7-38xj-pvm8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qaG03LTM4eGotcHZtOM4AAgFD
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago


Identifiers: GHSA-jhm7-38xj-pvm8, CVE-2010-2235
References:
Blast Radius: 0.0

Affected Packages

pypi:cobbler
Dependent packages: 0
Dependent repositories: 11
Downloads: 1,176 last month
Affected Version Ranges: < 2.0.7
Fixed in: 2.0.7
All affected versions:
All unaffected versions: 3.1.2, 3.2.1, 3.2.2, 3.2.3, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7