CVE-2010-2235

Published: 09/12/2010 Updated: 13/02/2023
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
VMScore: 756
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

template_api.py in Cobbler prior to 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954.

Vulnerable Product

michael dehaan cobbler 1.0.2

michael dehaan cobbler 1.6.1

michael dehaan cobbler 1.2.0

michael dehaan cobbler 1.6.8

michael dehaan cobbler 1.2.8

michael dehaan cobbler 1.6.6-1

michael dehaan cobbler 2.0.0

michael dehaan cobbler 0.2.3

michael dehaan cobbler 1.2.2

michael dehaan cobbler 0.2.7

michael dehaan cobbler 0.3.5

michael dehaan cobbler 2.0.1-1

michael dehaan cobbler 0.3.0

michael dehaan cobbler 1.4.3-4

michael dehaan cobbler 1.2.6

michael dehaan cobbler 0.4.0

michael dehaan cobbler 1.2.3

michael dehaan cobbler 0.4.3

michael dehaan cobbler 0.8.1

michael dehaan cobbler 1.3.3

michael dehaan cobbler 1.6.3

michael dehaan cobbler 1.6.8-1

michael dehaan cobbler 0.2.5

michael dehaan cobbler 0.8.3

michael dehaan cobbler 1.0.2-1

michael dehaan cobbler

michael dehaan cobbler 1.4.3

michael dehaan cobbler 1.6.2

michael dehaan cobbler 2.0.3

michael dehaan cobbler 0.3.7

michael dehaan cobbler 1.2.9-1

michael dehaan cobbler 1.3.3-1

michael dehaan cobbler 0.6.4

michael dehaan cobbler 1.6.5

michael dehaan cobbler 1.6.4-1

michael dehaan cobbler 0.4.6

michael dehaan cobbler 0.2.1

michael dehaan cobbler 0.4.7

michael dehaan cobbler 1.4.1

michael dehaan cobbler 0.6.5

michael dehaan cobbler 2.0.0-1

michael dehaan cobbler 0.6.1

michael dehaan cobbler 1.6.1-1

michael dehaan cobbler 1.2.5

michael dehaan cobbler 0.1.1.7

michael dehaan cobbler 1.6.6

michael dehaan cobbler 1.3.4

michael dehaan cobbler 1.2.9

michael dehaan cobbler 1.4.2

michael dehaan cobbler 0.3.9

michael dehaan cobbler 1.3.1

michael dehaan cobbler 1.2.8-1

michael dehaan cobbler 1.3.1-1

michael dehaan cobbler 2.0.1

michael dehaan cobbler 0.4.2

michael dehaan cobbler 1.4.1-1

michael dehaan cobbler 1.6.3-1

michael dehaan cobbler 1.3.4-1

michael dehaan cobbler 1.0.3-1

michael dehaan cobbler 1.0.0

michael dehaan cobbler 1.4.2-1

michael dehaan cobbler 0.5.0

michael dehaan cobbler 0.6.0

michael dehaan cobbler 0.3.4

michael dehaan cobbler 0.2.8

michael dehaan cobbler 1.2.7

michael dehaan cobbler 1.4.0

michael dehaan cobbler 0.2.2

michael dehaan cobbler 1.6.4

michael dehaan cobbler 0.4.8

michael dehaan cobbler 0.6.3

michael dehaan cobbler 2.0.3.1-2

michael dehaan cobbler 1.4.0-2

michael dehaan cobbler 2.0.4-1

michael dehaan cobbler 1.6.2-1

michael dehaan cobbler 0.3.1

michael dehaan cobbler 0.2.9

michael dehaan cobbler 0.3.3

michael dehaan cobbler 0.4.5

michael dehaan cobbler 2.0.3.1

michael dehaan cobbler 0.3.6

michael dehaan cobbler 1.6.5-1

Vendor Advisories

Synopsis: Important: cobbler security update. Type/Severity: Security Advisory: Important. Topic: An updated cobbler package that fixes one security issue is now available for Red Hat Network Satellite Server 5.3. The Red Hat Security Response Team has rated this update as having important security impact. A Common ...