CVE-2021-40323 – cobbler
Package
Manager: pip
Name: cobbler
Vulnerable Version: >=0 <3.3.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
EPSS: 0.93927 (percentile: 0.99872)
Details
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Metadata
Created: 2021-10-05T17:53:20Z
Modified: 2024-09-13T15:11:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-cpqf-3c3r-c9g2/GHSA-cpqf-3c3r-c9g2.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-cpqf-3c3r-c9g2
Finding: F422
Auto approve: 1