Oval Definition:oval:org.opensuse.security:def:202145082
Revision Date:2022-06-30Version:1
Title:CVE-2021-45082
Description:

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2021-45082
SUSE CVE-2021-45082
SUSE-SU-2022:0509-1
SUSE-SU-2022:0510-1
openSUSE-SU-2022:0062-1
Platform(s):Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
openSUSE Leap 15.3
openSUSE Tumbleweed
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
Product(s):
Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • cobbler-3.3.1.0+git.f5b0599a-1.1 is installed
  • OR cobbler-tests-3.3.1.0+git.f5b0599a-1.1 is installed
    • Definition Synopsis
  • Release Information
  • Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure is installed
  • OR Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM is installed
  • OR Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE is installed
  • AND cobbler-3.1.2-150300.5.14.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Module for SUSE Manager Server 4.2 is installed
  • OR SUSE Manager Server 4.2 is installed
  • AND cobbler-3.1.2-150300.5.14.1 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND cobbler is affected
    • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND cobbler is affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for SUSE Manager Server 4.1 is installed
  • OR SUSE Manager Server 4.1 is installed
  • AND cobbler-3.0.0+git20190806.32c4bae0-8.22.9.1 is installed
  • OR Package Information
  • Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure is installed
  • OR Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM is installed
  • OR Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE is installed
  • AND cobbler-3.0.0+git20190806.32c4bae0-8.22.9.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.3 is installed
  • AND Package Information
  • cobbler-3.1.2-bp153.2.3.1 is installed
  • AND cobbler is signed with openSUSE key
  • OR
  • cobbler-tests-3.1.2-bp153.2.3.1 is installed
  • AND cobbler-tests is signed with openSUSE key
  • OR
  • cobbler-web-3.1.2-bp153.2.3.1 is installed
  • AND cobbler-web is signed with openSUSE key
    • BACK