CVE-2021-40324

Published: 20 Sep 2021
Source: redhat
CVSS3: 8.1

Description

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.

A flaw was found in cobbler. The flaw lies in cobblerd's anamon support, specifically the upload_log_data XMLRPC function. An anamon_enabled setting, if enabled, accepts unsanitized user-supplied parameters. This flaw allows an attacker to write arbitrary files to the system. The highest threat from this vulnerability is to confidentiality, integrity, and availability.

Affected packages

Platform | Package | State | Recommendation | Release
Red Hat Enterprise Linux 8 | rhn-tools:1.0/cobbler | Not affected | |

Additional information

Status: Important
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2006897 (cobbler: Arbitrary file write via upload_log_data XMLRPC function)

CVSS3: 8.1 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 4 years ago

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.

CVSS3: 7.5
nvd
more than 4 years ago

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.

CVSS3: 7.5
debian
more than 4 years ago

Cobbler before 3.3.0 allows arbitrary file write operations via upload ...

CVSS3: 7.5
github
more than 4 years ago

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
