Miggo Logo
Miggo Vulnerability Database
CVE-2021-40324

CVE-2021-40324: Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2021-40324
GHSA ID
GHSA-4cfr-gjfx-fj3x
EPSS Score
0.87143%
CWE
CWE-434
Published
10/5/2021
Updated
9/13/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
cobblerpip< 3.3.03.3.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The core vulnerability stems from the upload_log_data XMLRPC endpoint and its helper __upload_file. The commit diff shows critical security additions: 1) A new __validate_log_data_params to check types and filename validity 2) Path normalization with os.path.normpath 3) Directory containment checks in __upload_file. Pre-patch, attackers could supply filenames like '../../etc/passwd' which bypassed the weak str.translate('/','+') sanitization. The CWE-434 mapping and GHSA description directly implicate these file write functions. The test_arbitrary_file_write_1 in security_test.py confirms exploitation via path traversal.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*o**l*r ***or* *.*.* *llows *r*itr*ry *il* writ* op*r*tions vi* uplo**_lo*_**t*.

Reasoning

T** *or* vuln*r**ility st*ms *rom t** uplo**_lo*_**t* XMLRP* *n*point *n* its **lp*r __uplo**_*il*. T** *ommit *i** s*ows *riti**l s**urity ***itions: *) * n*w __v*li**t*_lo*_**t*_p*r*ms to ****k typ*s *n* *il*n*m* v*li*ity *) P*t* norm*liz*tion wit*