{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cobbler before 3.3.0 allows authorization bypass for modification of settings."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-04T05:43:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-40325", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cobbler before 3.3.0 allows authorization bypass for modification of settings."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a", "refsource": "MISC", "url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"}, {"name": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0", "refsource": "MISC", "url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:27:31.916Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-40325", "datePublished": "2021-10-04T05:43:54", "dateReserved": "2021-08-30T00:00:00", "dateUpdated": "2024-08-04T02:27:31.916Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cobbler_project:cobbler:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C8C2AC2-1199-4261-BA13-47515F80F826", "versionEndIncluding": "3.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cobbler before 3.3.0 allows authorization bypass for modification of settings."}, {"lang": "es", "value": "Cobbler versiones anteriores a 3.3.0, permite omitir una autorizaci\u00f3n para modificar la configuraci\u00f3n"}], "id": "CVE-2021-40325", "lastModified": "2024-11-21T06:23:51.690", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-04T06:15:07.367", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"}, {"source": "cve@mitre.org", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "cobbler: Authorization bypass allows modifying settings", "id": "2006904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006904"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-639", "details": ["Cobbler before 3.3.0 allows authorization bypass for modification of settings.", "A flaw was found in cobbler. This flaw lies in the token validation and could allow an attacker to bypass authorization and modify settings."], "name": "CVE-2021-40325", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "rhn-tools:1.0/cobbler", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2021-09-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-40325\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-40325"], "statement": "This vulnerability does not affect any Red Hat supported product.", "threat_severity": "Moderate", "upstream_fix": "cobbler 3.3.0, cobbler 3.2.2"}