CVE-2008-6954 – cobbler
Package
Manager: pip
Name: cobbler
Vulnerable Version: >=0 <1.2.9
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:H/RL:U/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.01835 (percentile: 0.82221)
Details
Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability
The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code with root privileges in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.
Metadata
Created: 2022-05-17T02:10:02Z
Modified: 2024-02-09T18:39:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p8w2-f44p-fmcj/GHSA-p8w2-f44p-fmcj.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-p8w2-f44p-fmcj
Finding: F422
Auto approve: 1