Описание
The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2.2.2-0ubuntu1 |
| hardy | DNE | |
| lucid | DNE | |
| natty | ignored | end of life |
| oneiric | ignored | end of life |
| precise | released | 2.2.2-0ubuntu1 |
| quantal | released | 2.2.2-0ubuntu1 |
| raring | released | 2.2.2-0ubuntu1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet.
The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet.
The set_mgmt_parameters function in item.py in cobbler before 2.2.2 al ...
Cobbler vulnerable to code injection via unsafe YAML loading
EPSS
6.8 Medium
CVSS2