Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wOHcyLWY0NHAtZm1jas4AAaur
Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability
The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code with the root privileges in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.
Permalink: https://github.com/advisories/GHSA-p8w2-f44p-fmcjJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wOHcyLWY0NHAtZm1jas4AAaur
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 10 months ago
Identifiers: GHSA-p8w2-f44p-fmcj, CVE-2008-6954
References:
- https://nvd.nist.gov/vuln/detail/CVE-2008-6954
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46625
- https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00462.html
- https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00485.html
- http://freshmeat.net/projects/cobbler/releases/288374
- https://web.archive.org/web/20111227125913/http://secunia.com/advisories/32804
- https://web.archive.org/web/20111227151912/http://secunia.com/advisories/32737
- https://web.archive.org/web/20200228143518/http://www.securityfocus.com/bid/32317
- https://github.com/advisories/GHSA-p8w2-f44p-fmcj
Affected Packages
pypi:cobbler
Dependent packages: 0Dependent repositories: 11
Downloads: 1,176 last month
Affected Version Ranges: < 1.2.9
Fixed in: 1.2.9
All affected versions:
All unaffected versions: 3.1.2, 3.2.1, 3.2.2, 3.2.3, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7