PT-2021-22859 · Cobbler

Schoolguy · Published 2021-09-20 · Updated 2025-05-16

CVE-2021-40323
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cobbler versions prior to 3.3.0
Description: The issue allows log poisoning and resultant remote code execution. An XMLRPC method writes its input to the log file, and because that log file is later processed as a template, the poisoned log content enables template injection.
Recommendations: For versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue. As a temporary workaround, restrict access to the XMLRPC method to minimize the risk of exploitation.

Tags: Fix · RCE · Code Injection


Weakness Enumeration

Related Identifiers

CVE-2021-40323
GHSA-CPQF-3C3R-C9G2
OESA-2025-1467
OESA-2025-1468
OESA-2025-1469
OESA-2025-1527
OPENSUSE-SU-2022_0062-1
PYSEC-2021-373
SUSE-RU-2021:3162-1
SUSE-SU-2021:3151-1
SUSE-SU-2021:3170-1
USN-6475-1

Affected Products

Cobbler
Suse
Ubuntu