Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability

info
discussion
exploit
solution
references

Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability

The web interface of Cobbler is prone to a remote privilege-escalation vulnerability.

Remote attackers who can edit kickstart templates may exploit this issue to execute arbitrary Python code with root privileges. Successfully exploiting this issue may compromise the affected computer.

Versions prior to Cobbler 1.2.9 are affected.