CVE-2021-40348
HIGHUyuni 2021.08 - Code Injection via rhn-config-satellite.pl Configuration Filename
Title source: llmDescription
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation setup. This can lead to the ability of an attacker to use --option to append arbitrary code to a root-owned file that eventually will be executed by the system. This is fixed in Uyuni spacewalk-admin 4.3.2-1.
References (2)
Core 2
Core References
Exploit, Mailing List, Patch, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2021/10/28/4
Patch, Third Party Advisory x_refsource_confirm
https://github.com/uyuni-project/uyuni/commit/790c7388efac6923c5475e01c1ff718dffa9f052
Scores
CVSS v3
8.8
EPSS
0.0174
EPSS Percentile
74.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (2)
spacewalk_project/spacewalk
2.10
uyuni-project/uyuni
2021.08
Published
Nov 01, 2021
Tracked Since
Feb 18, 2026