UBUNTU-CVE-2021-40323

Advisory lineage Upstream: 1 Downstream: 1
Upstream
CVE-2021-40323
Downstream
USN-6475-1
Published: 04 Oct 2021, 06:15
Last modified:04 Feb 2026, 04:32

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
9.8 CRITICAL
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

04 Oct 2021, 06:15
Published
Vulnerability first disclosed
04 Feb 2026, 04:32
Last Modified
Vulnerability information updated

Description

Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.

CVSS Metrics

  • v3.1CRITICALScore: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Systems

  • ubuntucobbler

    < 2.4.1-0ubuntu2+esm1

References (5)