Security Advisory

CVE-2010-2235

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2010-12-09 19:00:00

Last updated 2024-08-07 02:25:07

Assigner redhat

State PUBLISHED

Description

template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954.

← Browse all CVEs View on cve.org ↗