High severity · NVD Advisory · Published Jun 16, 2012 · Updated Jun 16, 2026
CVE-2012-2395
Description
Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| cobbler (PyPI) | < 2.6.0 | 2.6.0 |
Affected products (5)
- cpe:2.3:a:michael_dehaan:cobbler:2.2.0:*:*:*:*:*:*:*
- ghsa-coords (4 versions; < 2.6.0 + 3 more):
  - pkg:pypi/cobbler
  - pkg:rpm/opensuse/cobbler&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/opensuse/cobbler&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/cobbler&distro=SUSE%20Package%20Hub%2015%20SP2
- (no CPE) range: < 2.6.0
- (no CPE) range: < 3.1.2-lp152.6.3.1
- (no CPE) range: < 2.6.6-4.2
- (no CPE) range: < 3.1.2-bp152.4.3.1
References (17)
- github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf (nvd; Exploit, Patch, WEB)
- github.com/advisories/GHSA-g34c-mg6m-xvxj (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2012-2395 (ghsa; ADVISORY)
- bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999 (nvd; WEB)
- github.com/cobbler/cobbler/issues/141 (nvd; WEB)
- lists.opensuse.org/opensuse-security-announce/2012-05/msg00016.html (ghsa; WEB)
- lists.opensuse.org/opensuse-security-announce/2012-07/msg00000.html (ghsa; WEB)
- web.archive.org/web/20120712025653/http://www.securityfocus.com/bid/53666 (ghsa; WEB)
- www.openwall.com/lists/oss-security/2012/05/23/18 (ghsa; WEB)
- www.openwall.com/lists/oss-security/2012/05/23/4 (ghsa; WEB)
- www.osvdb.org/82458 (ghsa; WEB)
- lists.opensuse.org/opensuse-security-announce/2012-05/msg00016.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2012-07/msg00000.html (nvd)
- www.openwall.com/lists/oss-security/2012/05/23/18 (nvd)
- www.openwall.com/lists/oss-security/2012/05/23/4 (nvd)
- www.osvdb.org/82458 (nvd)
- www.securityfocus.com/bid/53666 (nvd)