CVE-2008-6954
published 2009-08-12

Priority: P344 | critical | 9 | CVSS 2.0
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS: 2.15% (79.8th percentile)
The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.

Affected

85 ranges · showing 25

Vendor | Product | Version range | Fixed in
cobbler_project | cobbler | >= 0 < 2.0.7 | 2.0.7
cobbler_project | cobbler | >= 0 < 1.2.9 | 1.2.9
michael_dehaan | cobbler | <= 1.2.8 |
michael_dehaan | cobbler | <= 2.0.4 |
michael_dehaan | cobbler | |

CVSS provenance

nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C
ghsa | 9.0 | CRITICAL
osv | 9.0 | CRITICAL
vendor_redhat | 9.0 | CRITICAL