Vulnerability Description
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cobbler Project | Cobbler | <= 3.3.0 |
Related Weaknesses (CWE)
References
- https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe7PatchThird Party Advisory
- https://github.com/cobbler/cobbler/releases/tag/v3.3.0ProductThird Party Advisory
- https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe7PatchThird Party Advisory
- https://github.com/cobbler/cobbler/releases/tag/v3.3.0ProductThird Party Advisory
FAQ
What is CVE-2021-40323?
CVE-2021-40323 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
How severe is CVE-2021-40323?
CVE-2021-40323 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-40323?
Check the references section above for vendor advisories and patch information. Affected products include: Cobbler Project Cobbler.