GHSA-p8w2-f44p-fmcj

Source
https://github.com/advisories/GHSA-p8w2-f44p-fmcj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p8w2-f44p-fmcj/GHSA-p8w2-f44p-fmcj.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-p8w2-f44p-fmcj
Aliases
  • CVE-2008-6954
Published
2022-05-17T02:10:02Z
Modified
2024-02-09T18:56:57.384235Z
Summary
Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability
Details

The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code with the root privileges in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.

Database specific
{
    "nvd_published_at": "2009-08-12T10:30:00Z",
    "cwe_ids": [
        "CWE-94"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-09T18:39:18Z"
}
References

Affected packages

PyPI / cobbler

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.9

Affected versions

0.*

0.6.3-2