GHSA-g34c-mg6m-xvxj
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g34c-mg6m-xvxj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g34c-mg6m-xvxj/GHSA-g34c-mg6m-xvxj.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-g34c-mg6m-xvxj
- Aliases
-
- CVE-2012-2395
- Published
- 2022-05-17T05:27:39Z
- Modified
- 2024-11-28T05:40:13.947375Z
- Summary
- Cobbler subject to Command Injection
- Details
-
A Command Injection in actionpower.py in Cobbler prior to v2.6.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the powersystem method in the xmlrpc API.
- Database specific
{ "github_reviewed_at": "2023-02-06T20:08:52Z", "cwe_ids": [ "CWE-77" ], "nvd_published_at": "2012-06-16T00:55:00Z", "severity": "HIGH", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2012-2395
- https://github.com/cobbler/cobbler/issues/141
- https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf
- https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999
- https://github.com/cobbler/cobbler
- https://lists.opensuse.org/opensuse-security-announce/2012-05/msg00016.html
- https://lists.opensuse.org/opensuse-security-announce/2012-07/msg00000.html
- https://web.archive.org/web/20120712025653/http://www.securityfocus.com/bid/53666
- https://www.openwall.com/lists/oss-security/2012/05/23/18
- https://www.openwall.com/lists/oss-security/2012/05/23/4
- https://www.osvdb.org/82458
Affected packages
PyPI / cobbler
Package
- Name
- cobbler
- View open source insights on deps.dev
- Purl
- pkg:pypi/cobbler