Bug 2006840 (CVE-2021-40323) - CVE-2021-40323 cobbler: Arbitrary File Disclosure/Template Injection via generate_script RPC method
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2021-40323
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2006885 2006884
Blocks: 2006908
Reported: 2021-09-22 14:03 UTC by Pedro Sampaio
Modified: 2021-09-30 08:15 UTC

Fixed In Version: cobbler 3.3.0, cobbler 3.2.2
Doc Text:
A flaw was found in cobbler. This flaw lies in the generate_script RPC method, which accepts unsanitized parameters. This flaw allows an attacker to read arbitrary files on the system as root. Further, the attacker could gain arbitrary code execution using template injection against the default Cheetah template engine, leading to the exposure of sensitive information or execution of arbitrary code. The highest threat from this vulnerability is to confidentiality and integrity.
Clone Of:
Environment:
Last Closed: 2021-09-24 08:48:57 UTC
Embargoed:


Description Pedro Sampaio 2021-09-22 14:03:05 UTC
An arbitrary file disclosure/template injection flaw was found in Cobbler. It exposes an XMLRPC API interface that allows users to request some information without authentication.

References:

https://lists.suse.com/pipermail/sle-security-updates/2021-September/009468.html
https://github.com/cobbler/cobbler/issues/2795
https://github.com/cobbler/cobbler/pull/2794

Comment 1 Pedro Sampaio 2021-09-22 15:28:39 UTC
Created cobbler tracking bugs for this issue:

Affects: epel-7 [bug 2006885]
Affects: fedora-all [bug 2006884]
