
Schoolguy

#10162 of 53,622
27.2 Total CVSS
Vulnerabilities · 3 (High: 2, Critical: 1)

PT-2021-22859 · CVSS 9.8 · 2021-09-20
Cobbler · Cobbler · CVE-2021-40323

**Name of the Vulnerable Software and Affected Versions**
Cobbler versions prior to 3.3.0

**Description**
The issue allows log poisoning and resultant Remote Code Execution via an XMLRPC method that logs to the logfile for template injection.

**Recommendations**
For versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the XMLRPC method to minimize the risk of exploitation.

PT-2021-22860 · CVSS 8.7 · 2021-09-20
Cobbler · Cobbler · CVE-2021-40324

**Name of the Vulnerable Software and Affected Versions**
Cobbler versions prior to 3.3.0

**Description**
The issue allows arbitrary file write operations via `upload_log_data`.

**Recommendations**
For versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue.

PT-2021-22861 · CVSS 8.7 · 2021-09-20
Cobbler · Cobbler · CVE-2021-40325

**Name of the Vulnerable Software and Affected Versions**
Cobbler versions prior to 3.3.0

**Description**
The issue allows for authorization bypass, enabling modification of settings.

**Recommendations**
For versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue.