GHSA-p8w2-f44p-fmcj
Suggest an improvement- Source
- https://github.com/advisories/GHSA-p8w2-f44p-fmcj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p8w2-f44p-fmcj/GHSA-p8w2-f44p-fmcj.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-p8w2-f44p-fmcj
- Aliases
-
- CVE-2008-6954
- Published
- 2022-05-17T02:10:02Z
- Modified
- 2024-12-06T05:38:51.863616Z
- Summary
- Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability
- Details
-
The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code with the root privileges in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.
- Database specific
{ "severity": "HIGH", "nvd_published_at": "2009-08-12T10:30:00Z", "github_reviewed_at": "2024-02-09T18:39:18Z", "github_reviewed": true, "cwe_ids": [ "CWE-94" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2008-6954
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46625
- https://github.com/cobbler/cobbler
- https://web.archive.org/web/20111227125913/http://secunia.com/advisories/32804
- https://web.archive.org/web/20111227151912/http://secunia.com/advisories/32737
- https://web.archive.org/web/20200228143518/http://www.securityfocus.com/bid/32317
- https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00462.html
- https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00485.html
- http://freshmeat.net/projects/cobbler/releases/288374
Affected packages
PyPI / cobbler
Package
- Name
- cobbler
- View open source insights on deps.dev
- Purl
- pkg:pypi/cobbler