CyberSec.Space Logo
Back to CVE Browser

CVE-2008-6954

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.1470%
EPSS Percentile24.95th
PublishedAug 12, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.

Affected Platforms (CPE)

πŸ“¦
Michael Dehaan

Cobbler

<= 1.2.8
πŸ“¦
Michael Dehaan

Cobbler

= 0.1.1.7
πŸ“¦
Michael Dehaan

Cobbler

= 0.2.1
πŸ“¦
Michael Dehaan

Cobbler

= 0.2.2
πŸ“¦
Michael Dehaan

Cobbler

= 0.2.3
πŸ“¦
Michael Dehaan

Cobbler

= 0.2.5
πŸ“¦
Michael Dehaan

Cobbler

= 0.2.7
πŸ“¦
Michael Dehaan

Cobbler

= 0.2.8
πŸ“¦
Michael Dehaan

Cobbler

= 0.2.9
πŸ“¦
Michael Dehaan

Cobbler

= 0.3.0
πŸ“¦
Michael Dehaan

Cobbler

= 0.3.1
πŸ“¦
Michael Dehaan

Cobbler

= 0.3.3
πŸ“¦
Michael Dehaan

Cobbler

= 0.3.4
πŸ“¦
Michael Dehaan

Cobbler

= 0.3.5
πŸ“¦
Michael Dehaan

Cobbler

= 0.3.6
πŸ“¦
Michael Dehaan

Cobbler

= 0.3.7
πŸ“¦
Michael Dehaan

Cobbler

= 0.3.9
πŸ“¦
Michael Dehaan

Cobbler

= 0.4.0
πŸ“¦
Michael Dehaan

Cobbler

= 0.4.2
πŸ“¦
Michael Dehaan

Cobbler

= 0.4.3
πŸ“¦
Michael Dehaan

Cobbler

= 0.4.5
πŸ“¦
Michael Dehaan

Cobbler

= 0.4.6
πŸ“¦
Michael Dehaan

Cobbler

= 0.4.7
πŸ“¦
Michael Dehaan

Cobbler

= 0.4.8
πŸ“¦
Michael Dehaan

Cobbler

= 0.5.0
πŸ“¦
Michael Dehaan

Cobbler

= 0.6.0
πŸ“¦
Michael Dehaan

Cobbler

= 0.6.1
πŸ“¦
Michael Dehaan

Cobbler

= 0.6.3
πŸ“¦
Michael Dehaan

Cobbler

= 0.6.4
πŸ“¦
Michael Dehaan

Cobbler

= 0.6.5
πŸ“¦
Michael Dehaan

Cobbler

= 0.8.1
πŸ“¦
Michael Dehaan

Cobbler

= 0.8.3
πŸ“¦
Michael Dehaan

Cobbler

= 1.0.0
πŸ“¦
Michael Dehaan

Cobbler

= 1.0.2
πŸ“¦
Michael Dehaan

Cobbler

= 1.0.2-1
πŸ“¦
Michael Dehaan

Cobbler

= 1.0.3-1
πŸ“¦
Michael Dehaan

Cobbler

= 1.2.0
πŸ“¦
Michael Dehaan

Cobbler

= 1.2.2
πŸ“¦
Michael Dehaan

Cobbler

= 1.2.3
πŸ“¦
Michael Dehaan

Cobbler

= 1.2.5
πŸ“¦
Michael Dehaan

Cobbler

= 1.2.6
πŸ“¦
Michael Dehaan

Cobbler

= 1.2.7

References & Advisories

πŸ”— http://freshmeat.net/projects/cobbler/releases/288374
πŸ”— http://osvdb.org/50291
πŸ”— http://secunia.com/advisories/32737
πŸ”— http://secunia.com/advisories/32804
πŸ”— http://www.securityfocus.com/bid/32317
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/46625
πŸ”— https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00462.html
πŸ”— https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00485.html

Related Vulnerabilities

CVE-2018-109319.8

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated...

CVE-2017-10004699.8

Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary ...

CVE-2021-403239.8

Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for ...

CVE-2018-10002269.8

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even old...