VYPR
← All advisories
High severityNVD Advisory· Published Feb 20, 2022· Updated Aug 4, 2024

CVE-2021-45083

CVE-2021-45083

Description

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cobbler before 3.3.1 stores sensitive data world-readable in /etc/cobbler, allowing local low-privilege users to obtain password hashes.

Vulnerability

Cobbler versions before 3.3.1 store configuration files in /etc/cobbler with world-readable permissions (-rw-r--r--). Two files are of concern: users.digest, which contains SHA-2-512 digests of local Cobbler users, and settings.yaml, which contains secrets such as the default password hash. This vulnerability is tracked as CVE-2021-45083 and affects all Cobbler installations prior to 3.3.1 [1][2][3].

Exploitation

An attacker with local, non-privileged access to the server can read the world-readable files /etc/cobbler/users.digest and /etc/cobbler/settings.yaml without requiring any authentication or special permissions. If a user's password is weak (e.g., easy-to-guess), the attacker can trivially recover the plaintext password from the digest file by offline cracking [2][3]. The attacker does not need any network access or user interaction beyond having a local shell account.

Impact

Successful exploitation allows the attacker to obtain password hashes and potentially recover plaintext credentials for Cobbler local users. With valid credentials, the attacker could authenticate to the Cobbler daemon and gain privileges that may lead to broader compromise of the provisioning system, including high-integrity and high-availability impacts. The CVSS score is 8.4 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N) [2].

Mitigation

The vulnerability is fixed in Cobbler version 3.3.1 and later. Users should upgrade to Cobbler 3.3.1 or newer immediately [1]. For systems that cannot be upgraded, administrators should manually restrict permissions on the sensitive files (e.g., chmod 600 /etc/cobbler/settings.yaml /etc/cobbler/users.digest) and ensure that only root can read them. There is no indication that this CVE is listed in the known exploited vulnerabilities (KEV) catalog.

References
  1. Releases · cobbler/cobbler
  2. unsafe permissions on sensitive files in /etc/cobbler
  3. security - Multiple vulnerabilities affecting cobbler

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
cobblerPyPI
< 3.3.13.3.1

Affected products

10

Patches

1
10b2112db83f

Merge pull request #2945 from agraul/cve-patches-2022-02-16

https://github.com/cobbler/cobblerDominik GedonFeb 18, 2022via ghsa
commit
2 files changed · +27 13
  • cobbler.spec+24 10 modified
    @@ -361,6 +361,20 @@ fi
 %else
 %post
 %systemd_post cobblerd.service
+# Fixup permission for world readable settings files
+chmod 640 %{_sysconfdir}/cobbler/settings.yaml
+chmod 600 %{_sysconfdir}/cobbler/mongodb.conf
+chmod 600 %{_sysconfdir}/cobbler/modules.conf
+chmod 640 %{_sysconfdir}/cobbler/users.conf
+chmod 640 %{_sysconfdir}/cobbler/users.digest
+chmod 750 %{_sysconfdir}/cobbler/settings.d
+chmod 640 %{_sysconfdir}/cobbler/settings.d/*
+chgrp %{apache_group} %{_sysconfdir}/cobbler/settings
+chgrp %{apache_group} %{_sysconfdir}/cobbler/users.conf
+chgrp %{apache_group} %{_sysconfdir}/cobbler/users.digest
+chgrp %{apache_group} %{_sysconfdir}/cobbler/settings.d
+chgrp %{apache_group} %{_sysconfdir}/cobbler/settings.d/*
+
 
 %preun
 %systemd_preun cobblerd.service
@@ -395,23 +409,23 @@ fi
 %dir %{_sysconfdir}/cobbler/iso
 %config(noreplace) %{_sysconfdir}/cobbler/iso/buildiso.template
 %config(noreplace) %{_sysconfdir}/cobbler/logging_config.conf
-%config(noreplace) %{_sysconfdir}/cobbler/modules.conf
-%config(noreplace) %{_sysconfdir}/cobbler/mongodb.conf
+%attr(600, root, root) %config(noreplace) %{_sysconfdir}/cobbler/modules.conf
+%attr(600, root, root) %config(noreplace) %{_sysconfdir}/cobbler/mongodb.conf
 %config(noreplace) %{_sysconfdir}/cobbler/named.template
 %config(noreplace) %{_sysconfdir}/cobbler/ndjbdns.template
 %dir %{_sysconfdir}/cobbler/reporting
 %config(noreplace) %{_sysconfdir}/cobbler/reporting/build_report_email.template
 %config(noreplace) %{_sysconfdir}/cobbler/rsync.exclude
 %config(noreplace) %{_sysconfdir}/cobbler/rsync.template
 %config(noreplace) %{_sysconfdir}/cobbler/secondary.template
-%config(noreplace) %{_sysconfdir}/cobbler/settings.yaml
-%dir %{_sysconfdir}/cobbler/settings.d
-%config(noreplace) %{_sysconfdir}/cobbler/settings.d/bind_manage_ipmi.settings
-%config(noreplace) %{_sysconfdir}/cobbler/settings.d/manage_genders.settings
-%config(noreplace) %{_sysconfdir}/cobbler/settings.d/nsupdate.settings
-%config(noreplace) %{_sysconfdir}/cobbler/settings.d/windows.settings
-%config(noreplace) %{_sysconfdir}/cobbler/users.conf
-%config(noreplace) %{_sysconfdir}/cobbler/users.digest
+%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.yaml
+%attr(750, root, %{apache_group}) %dir %{_sysconfdir}/cobbler/settings.d
+%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/bind_manage_ipmi.settings
+%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/manage_genders.settings
+%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/nsupdate.settings
+%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/windows.settings
+%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/users.conf
+%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/users.digest
 %config(noreplace) %{_sysconfdir}/cobbler/version
 %config(noreplace) %{_sysconfdir}/cobbler/zone.template
 %dir %{_sysconfdir}/cobbler/zone_templates
  • cobbler/templar.py+3 3 modified
    @@ -75,10 +75,10 @@ def check_for_invalid_imports(self, data: str):
         """
         lines = data.split("\n")
         for line in lines:
-            if line.find("#import") != -1:
-                rest = line.replace("#import", "").replace(" ", "").strip()
+            if "#import" in line or "#from" in line:
+                rest = line.replace("#import", "").replace("#from", "").replace("import", ".").replace(" ", "").strip()
                 if self.settings and rest not in self.settings.cheetah_import_whitelist:
-                    raise CX("potentially insecure import in template: %s" % rest)
+                    raise CX(f"Potentially insecure import in template: {rest}")
 
     def render(self, data_input: Union[TextIO, str], search_table: dict, out_path: Optional[str],
                template_type="default") -> str:

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

14

News mentions

0

No linked articles in our index yet.