An issue exists in Cobbler prior to 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cobbler project cobbler |
||
suse linux enterprise server 11 |
||
opensuse factory - |
||
suse linux enterprise server 12 |
||
suse linux enterprise server 15 |
||
opensuse backports sle-15 |
||
fedoraproject fedora 34 |
||
fedoraproject fedora 35 |
||
fedoraproject fedora 36 |