CVE-2021-45082

moderate-risk

Published 2022-02-19

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)

Do I need to act?

-

0.04% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (11)

Cobbler

Factory

Backports

Backports

Linux Enterprise Server

Linux Enterprise Server

Linux Enterprise Server

Linux Enterprise Server

Fedora

Fedora

Fedora

Affected Vendors

Suse Fedoraproject Opensuse Cobbler Project

References (10)

Exploit https://bugzilla.suse.com/show_bug.cgi?id=1193678

Release Notes https://github.com/cobbler/cobbler/releases

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Exploit https://bugzilla.suse.com/show_bug.cgi?id=1193678

Release Notes https://github.com/cobbler/cobbler/releases

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

40

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 16/34 · Moderate