CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-6954

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.1470%
EPSS Percentile24.95th
Published2009年8月12日
Last Modified2026年4月23日

Vulnerability Description

The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.

Affected Platforms (CPE)

📦
Michael Dehaan

Cobbler

<= 1.2.8
📦
Michael Dehaan

Cobbler

= 0.1.1.7
📦
Michael Dehaan

Cobbler

= 0.2.1
📦
Michael Dehaan

Cobbler

= 0.2.2
📦
Michael Dehaan

Cobbler

= 0.2.3
📦
Michael Dehaan

Cobbler

= 0.2.5
📦
Michael Dehaan

Cobbler

= 0.2.7
📦
Michael Dehaan

Cobbler

= 0.2.8
📦
Michael Dehaan

Cobbler

= 0.2.9
📦
Michael Dehaan

Cobbler

= 0.3.0
📦
Michael Dehaan

Cobbler

= 0.3.1
📦
Michael Dehaan

Cobbler

= 0.3.3
📦
Michael Dehaan

Cobbler

= 0.3.4
📦
Michael Dehaan

Cobbler

= 0.3.5
📦
Michael Dehaan

Cobbler

= 0.3.6
📦
Michael Dehaan

Cobbler

= 0.3.7
📦
Michael Dehaan

Cobbler

= 0.3.9
📦
Michael Dehaan

Cobbler

= 0.4.0
📦
Michael Dehaan

Cobbler

= 0.4.2
📦
Michael Dehaan

Cobbler

= 0.4.3
📦
Michael Dehaan

Cobbler

= 0.4.5
📦
Michael Dehaan

Cobbler

= 0.4.6
📦
Michael Dehaan

Cobbler

= 0.4.7
📦
Michael Dehaan

Cobbler

= 0.4.8
📦
Michael Dehaan

Cobbler

= 0.5.0
📦
Michael Dehaan

Cobbler

= 0.6.0
📦
Michael Dehaan

Cobbler

= 0.6.1
📦
Michael Dehaan

Cobbler

= 0.6.3
📦
Michael Dehaan

Cobbler

= 0.6.4
📦
Michael Dehaan

Cobbler

= 0.6.5
📦
Michael Dehaan

Cobbler

= 0.8.1
📦
Michael Dehaan

Cobbler

= 0.8.3
📦
Michael Dehaan

Cobbler

= 1.0.0
📦
Michael Dehaan

Cobbler

= 1.0.2
📦
Michael Dehaan

Cobbler

= 1.0.2-1
📦
Michael Dehaan

Cobbler

= 1.0.3-1
📦
Michael Dehaan

Cobbler

= 1.2.0
📦
Michael Dehaan

Cobbler

= 1.2.2
📦
Michael Dehaan

Cobbler

= 1.2.3
📦
Michael Dehaan

Cobbler

= 1.2.5
📦
Michael Dehaan

Cobbler

= 1.2.6
📦
Michael Dehaan

Cobbler

= 1.2.7

References & Advisories

🔗 http://freshmeat.net/projects/cobbler/releases/288374
🔗 http://osvdb.org/50291
🔗 http://secunia.com/advisories/32737
🔗 http://secunia.com/advisories/32804
🔗 http://www.securityfocus.com/bid/32317
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/46625
🔗 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00462.html
🔗 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00485.html

関連する脆弱性情報

CVE-2018-109319.8

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated...

CVE-2017-10004699.8

Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary ...

CVE-2021-403239.8

Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for ...

CVE-2018-10002269.8

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even old...