First published: Fri Feb 18 2022
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix
---|---|---
Cobbler Project Cobbler | <3.3.1 |
openSUSE Factory | |
Opensuse Backports | =sle-15-sp3 |
Opensuse Backports | =sle-15-sp4 |
SUSE Linux Enterprise Server | =11-sp3 |
SUSE Linux Enterprise Server | =12 |
SUSE Linux Enterprise Server | =15-sp2 |
SUSE Linux Enterprise Server | =15-sp3 |
Fedoraproject Fedora | =34 |
Fedoraproject Fedora | =35 |
Fedoraproject Fedora | =36 |
pip/cobbler | <3.3.1 | 3.3.1
The severity of CVE-2021-45082 is high, with a CVSS score of 7.8.
CVE-2021-45082 affects Cobbler versions up to and including 3.3.1.
The vulnerability allows Cheetah code to import Python modules via the "#from MODULE import" substring in the templar.py file of Cobbler.
openSUSE Factory is affected by CVE-2021-45082.
To fix the vulnerability, you should upgrade Cobbler to version 3.3.1 or higher.
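The weakness described above is a prefix test that stops at "#import". The following is an added illustration, not Cobbler's own templar.py: a reconstruction of that weak check next to a hardened one that also rejects "#from ... import" directives, run over constructed template fragments. The function names, the sample templates and the exception class are assumptions made for this example.

```python
import re

# Constructed Cheetah template fragments (not from Cobbler's test suite).
# Cheetah directives start with '#'. The '#import' line is the one the
# pre-3.3.1 check catches; the '#from ... import' line is the one it misses.
SAMPLE_TEMPLATES = {
    "plain": "kernel $kernel\ninitrd $initrd\n",
    "import_directive": "#import math\nvalue $math.pi\n",
    "from_directive": "#from math import pi\nvalue $pi\n",
    "indented_from": "   #from math import pi\n",
}


class InvalidTemplateImport(Exception):
    """Raised when a template line would load a Python module (hypothetical)."""


def weak_check_for_invalid_imports(data: str) -> None:
    """Illustrative reconstruction of the behaviour the advisory describes:
    only lines that begin with '#import' are rejected."""
    for line in data.splitlines():
        if line.startswith("#import"):
            raise InvalidTemplateImport(line)


# Matches '#import' and '#from' directives; conservatively also accepts
# leading whitespace and a space after '#' so a prefix test cannot be evaded.
IMPORT_DIRECTIVE = re.compile(r"^\s*#\s*(import|from)\b")


def strict_check_for_invalid_imports(data: str) -> None:
    """Hardened check: rejects both '#import' and '#from ... import'."""
    for line in data.splitlines():
        if IMPORT_DIRECTIVE.match(line):
            raise InvalidTemplateImport(line.strip())


def is_rejected(check, data: str) -> bool:
    """Return True if `check` raises on `data`, False if it lets it through."""
    try:
        check(data)
    except InvalidTemplateImport:
        return True
    return False


def compare_checks() -> dict:
    """For each sample: (rejected by weak check, rejected by strict check)."""
    return {name: (is_rejected(weak_check_for_invalid_imports, tpl),
                   is_rejected(strict_check_for_invalid_imports, tpl))
            for name, tpl in SAMPLE_TEMPLATES.items()}
```

The "from_directive" and "indented_from" samples pass the weak check and are rejected only by the strict one, which is the gap the 3.3.1 fix closes.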