Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2010-2235

Опубликовано: 18 окт. 2010
Источник: redhat
CVSS2: 7.1
EPSS Низкий

Описание

template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954.

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-96
https://bugzilla.redhat.com/show_bug.cgi?id=607662(cobbler): Code injection flaw (ACE as root) by processing of a specially-crafted kickstart template file

EPSS

Процентиль: 83%
0.01839
Низкий

7.1 High

CVSS2

Связанные уязвимости

nvd логотип

CVE-2010-2235

nvd
около 15 лет назад

template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954.

debian логотип

CVE-2010-2235

debian
около 15 лет назад

template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Sa ...

github логотип

GHSA-jhm7-38xj-pvm8

github
больше 3 лет назад

Cobbler is vulnerable to code injection

EPSS

Процентиль: 83%
0.01839
Низкий

7.1 High

CVSS2