ubuntu · CVE-2012-2395

Quick triage

Priority: medium Published: 2012-06-16 00:55:00 UTC Updated: 2024-07-24 15:57:39 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2012-2395 medium priority: Ubuntu including 2 source packages (cobbler, maas-provision), 36 status rows across 18 suites (artful, bionic, hardy, lucid, natty, oneiric, precise, quantal, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): DNE 20, ignored 13, needs-triage 2, not-affected 1.

Description:

Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.

cvelogic Threat Intelligence