CVE-2017-1000469

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0990%

EPSS Percentile19.92th

Published2018年1月3日

Last Modified2024年11月21日

Vulnerability Description

Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.

Affected Platforms (CPE)

📦

Cobbler Project

Cobbler

<= 2.8.2

References & Advisories

🔗 https://github.com/cobbler/cobbler/issues/1845

関連する脆弱性情報

CVE-2018-109319.8

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated...

CVE-2018-10002269.8

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even old...

CVE-2021-403239.8

Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for ...

CVE-2008-69549.0

The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobbl...