Bug 2006840 (CVE-2021-40323)
| Summary: | CVE-2021-40323 cobbler: Arbitrary File Disclosure/Template Injection via generate_script RPC method | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | brejoc, jimi, kwizart, mmraka, ngompa13, orion, scott, tkasparek, tlestach, vanmeeuwen+fedora |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | cobbler 3.3.0, cobbler 3.2.2 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in cobbler. This flaw lies in the generate_script RPC method, which accepts unsanitized parameters. This flaw allows an attacker to read arbitrary files on the system as root. Further, the attacker could gain arbitrary code execution using template injection against the default Cheetah template engine, leading to the exposure of sensitive information or execution of arbitrary code. The highest threat from this vulnerability is to confidentiality and integrity.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-09-24 08:48:57 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2006884, 2006885 | ||
| Bug Blocks: | 2006908 | ||
|
Description
Pedro Sampaio
2021-09-22 14:03:05 UTC
Created cobbler tracking bugs for this issue: Affects: epel-7 [bug 2006885] Affects: fedora-all [bug 2006884] |