CVE-2010-2235
Description
template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.839
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2010-2235 is fixed in Python-cobbler 2.0.7 | Windows |
| Python-cobbler 0.6.3-2 is affected by multiple vulnerabilities | Windows |
| CVE-2010-2235 is fixed in Python-cobbler for linux 2.0.7 | Linux |
| Python-cobbler for linux 0.6.3-2 is affected by multiple vulnerabilities | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234