7.8

CVE-2021-45082

Exploit
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)
Data provided by the National Vulnerability Database (NVD)
Cobbler Project | Cobbler | Version < 3.3.1
Opensuse | Factory | Version -
Opensuse | Backports | Version sle-15 | Update sp3
Opensuse | Backports | Version sle-15 | Update sp4
Suse | Linux Enterprise Server | Version 11 | Update sp3
Suse | Linux Enterprise Server | Version 12 | Update -
Suse | Linux Enterprise Server | Version 15 | Update sp2
Suse | Linux Enterprise Server | Version 15 | Update sp3
Fedoraproject | Fedora | Version 34
Fedoraproject | Fedora | Version 35
Fedoraproject | Fedora | Version 36
No advisory was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.04% | 0.128
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov | 4.6 | 3.9 | 6.4 | AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.