CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-40323

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0010%
EPSS Percentile20.77th
Published2021年10月4日
Last Modified2024年11月21日

Vulnerability Description

Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.

Affected Platforms (CPE)

📦
Cobbler Project

Cobbler

<= 3.3.0

References & Advisories

🔗 https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a
🔗 https://github.com/cobbler/cobbler/releases/tag/v3.3.0
🔗 https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a
🔗 https://github.com/cobbler/cobbler/releases/tag/v3.3.0

関連する脆弱性情報

CVE-2018-10002269.8

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even old...

CVE-2017-10004699.8

Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary ...

CVE-2018-109319.8

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated...

CVE-2008-69549.0

The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobbl...