PT-2022-12303 · Cobbler+2

Paolo Perego · Published 2022-01-12 · Updated 2025-05-16 · CVE-2021-45082

CVSS v4.0: 8.5 (High)

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Cobbler versions prior to 3.3.1

Description

An issue was discovered in the templar.py file: the function that checks for invalid imports blocks only lines beginning with #import, so Cheetah code can still import Python modules via the "#from MODULE import" substring.

Recommendations

Update Cobbler to version 3.3.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the check for invalid imports function in the templar.py file until a patch is available.
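The gap described above can be reproduced with a small model of the check. This is an added example, not Cobbler's code or its upstream fix; the function names, the regular expression and the sample templates are assumptions constructed for illustration.

```python
import re

# Constructed sample templates (not taken from Cobbler or any real deployment).
BENIGN = "#set $name = 'node1'\nhostname=$name\n"
BLOCKED_FORM = "#import os\nhostname=$name\n"
MISSED_FORM = "#from os import path\nhostname=$name\n"
INDENTED_FORM = "  #from os import path\n"


def prefix_only_check(template: str) -> bool:
    """Model of the flawed check described in the advisory: only lines
    that begin with '#import' are rejected. True means 'accepted'."""
    return not any(line.startswith("#import") for line in template.split("\n"))


# Conservative pattern (an assumption of this example): a '#', optionally
# followed by whitespace, then 'import' or 'from ... import', anywhere on a
# line. It may flag harmless text; for a deny check that is the safer error.
_IMPORT_DIRECTIVE = re.compile(r"#\s*(?:import\b|from\b.*\bimport\b)")


def find_import_directives(template: str) -> list[tuple[int, str]]:
    """Return (line_number, line) for every line carrying an import directive."""
    return [
        (number, line)
        for number, line in enumerate(template.split("\n"), start=1)
        if _IMPORT_DIRECTIVE.search(line)
    ]


def hardened_check(template: str) -> bool:
    """True means 'accepted': no import directive of either form was found."""
    return not find_import_directives(template)


if __name__ == "__main__":
    samples = {"benign": BENIGN, "#import": BLOCKED_FORM,
               "#from": MISSED_FORM, "indented #from": INDENTED_FORM}
    for label, template in samples.items():
        print(f"{label:15} prefix-only accepts={prefix_only_check(template)} "
              f"hardened accepts={hardened_check(template)} "
              f"hits={find_import_directives(template)}")
```

The same `find_import_directives` helper can be run over stored templates on a host that cannot be upgraded immediately, to list the lines that need review.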

Exploit

Fix

Command Injection


Weakness Enumeration

Related Identifiers

CVE-2021-45082
GHSA-6CM4-GM85-972C
OESA-2025-1467
OESA-2025-1468
OESA-2025-1469
OESA-2025-1527
OPENSUSE-SU-2022_0062-1
OPENSUSE-SU-2024:11853-1
PYSEC-2022-37
SUSE-SU-2022:0509-1
SUSE-SU-2022:0510-1
USN-6475-1

Affected Products

Cobbler
SUSE
Ubuntu