Описание
Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | DNE | |
| devel | DNE | |
| esm-apps/xenial | not-affected | 2.4.1-0ubuntu2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [2.4.1-0ubuntu2]] |
| hardy | DNE | |
| lucid | DNE | |
| natty | ignored | end of life |
| oneiric | ignored | end of life |
| precise | ignored | end of life |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| hardy | DNE | |
| lucid | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| precise | ignored | |
| precise/esm | DNE | precise was ignored |
Показывать по
EPSS
7.5 High
CVSS2
Связанные уязвимости
Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.
Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.
Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 ...
EPSS
7.5 High
CVSS2