CVE-2010-2235

Name of the Vulnerable Software and Affected Versions Cobbler versions prior to 2.0.7

Description The issue allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file. This is due to the template api.py file not disabling the ability of the Cheetah template engine to execute Python statements contained in templates.

Recommendations For versions prior to 2.0.7, update to version 2.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the template engine or limiting the ability to execute Python statements in templates.