CVE-2021-40325
https://notcve.org/view.php?id=CVE-2021-40325
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a
https://github.com/cobbler/cobbler/releases/tag/v3.3.0
CVE-2021-40324
https://notcve.org/view.php?id=CVE-2021-40324
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a
https://github.com/cobbler/cobbler/releases/tag/v3.3.0
CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2021-40323
https://notcve.org/view.php?id=CVE-2021-40323
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a
https://github.com/cobbler/cobbler/releases/tag/v3.3.0
CWE-94: Improper Control of Generation of Code ('Code Injection')