Описание
Cobbler before 3.3.0 allows log poisoning
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-40323
- https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a
- https://github.com/advisories/GHSA-cpqf-3c3r-c9g2
- https://github.com/cobbler/cobbler/releases/tag/v3.3.0
- https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2021-373.yaml
Пакеты
cobbler
< 3.3.0
3.3.0
EPSS
8.1 High
CVSS4
9.8 Critical
CVSS3
CVE ID
Дефекты
Связанные уязвимости
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code E ...
EPSS
8.1 High
CVSS4
9.8 Critical
CVSS3