
CVE-2017-1000469

Published: 19 Oct 2017
Source: redhat
CVSS3: 8.8
EPSS: Low

Description

Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.

Report

Red Hat Satellite 5 is now in Production 3 Phase of the support and maintenance life cycle. The cobbler API has a user associated with it; however, the password is a randomly generated 64-character string, making the API inaccessible. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Affected packages

Platform | Package | State | Recommendation | Release
Red Hat Satellite 5 | cobbler | Will not fix | |


Additional information

Status: Important
Defect: CWE-77
https://bugzilla.redhat.com/show_bug.cgi?id=1532468 cobbler: Command injection in the "add repo" component allows for remote code execution

EPSS: 0.0095 (percentile: 76%, Low)

CVSS3: 8.8 High

Related vulnerabilities

CVSS3: 9.8
ubuntu
about 8 years ago

Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.

CVSS3: 9.8
nvd
about 8 years ago

Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.

CVSS3: 9.8
debian
about 8 years ago

Cobbler version up to 2.8.2 is vulnerable to a command injection vulne ...

suse-cvrf
more than 7 years ago

Security update for cobbler

suse-cvrf
more than 7 years ago

Security update for cobbler
