CyberSec.Space Logo
Back to CVE Browser

CVE-2021-40323

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0010%
EPSS Percentile20.77th
PublishedOct 4, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.

Affected Platforms (CPE)

πŸ“¦
Cobbler Project

Cobbler

<= 3.3.0

References & Advisories

πŸ”— https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a
πŸ”— https://github.com/cobbler/cobbler/releases/tag/v3.3.0
πŸ”— https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a
πŸ”— https://github.com/cobbler/cobbler/releases/tag/v3.3.0

Related Vulnerabilities

CVE-2018-10002269.8

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even old...

CVE-2017-10004699.8

Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary ...

CVE-2018-109319.8

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated...

CVE-2008-69549.0

The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobbl...