CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-40323

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0010%
EPSS Percentile20.77th
Published2021年10月4日
Last Modified2024年11月21日

Vulnerability Description

Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.

Affected Platforms (CPE)

📦
Cobbler Project

Cobbler

<= 3.3.0

References & Advisories

🔗 https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a
🔗 https://github.com/cobbler/cobbler/releases/tag/v3.3.0
🔗 https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a
🔗 https://github.com/cobbler/cobbler/releases/tag/v3.3.0

相关漏洞威胁

CVE-2018-10002269.8

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even old...

CVE-2017-10004699.8

Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary ...

CVE-2018-109319.8

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated...

CVE-2008-69549.0

The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobbl...