CVE-2021-40325
published 2021-10-04CVE-2021-40325: Cobbler before 3.3.0 allows authorization bypass for modification of settings.
PriorityP343high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
EPSS
1.31%
67.0th percentile
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cobbler_project | cobbler | <= 3.3.0 | — |
| cobbler_project | cobbler | >= 0 < d8f60bbf14a838c8c8a1dba98086b223e35fe70a | d8f60bbf14a838c8c8a1dba98086b223e35fe70a |
| cobbler_project | cobbler | >= 0 < 3.3.0 | 3.3.0 |
| cobbler_project | cobbler | >= 0 < 2.4.1-0ubuntu2+esm1 | 2.4.1-0ubuntu2+esm1 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv4.0MEDIUM
vendor_redhat7.5HIGH
vendor_ubuntu4.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
cobbler vulnerabilities
osv·2023-11-13·CVSS 4.0
CVE-2014-3225 [MEDIUM] cobbler vulnerabilities
cobbler vulnerabilities
It was discovered that Cobbler did not properly handle user input, which
could result in an absolute path traversal. An attacker could possibly
use this issue to read arbitrary files. (CVE-2014-3225)
It was discovered that Cobbler did not properly handle user input, which
could result in command injection. An attacker could possibly use this
issue to execute arbitrary code with high privileges.
(CVE-2017-1000469, CVE-2021-45082)
It was discovered that Cobbler did not properly hide private functions in
a class. A remote attacker could possibly use this issue to gain high
privileges and upload files to an arbitrary location.
(CVE-2018-10931, CVE-2018-1000225, CVE-2018-1000226)
Nicolas Chatelain discovered that Cobbler did not properly handle user
input, which coul
OSV
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
osv·2021-10-05
CVE-2021-40325 [HIGH] Cobbler before 3.3.0 allows authorization bypass for modification of settings.
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
GHSA
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
ghsa·2021-10-05
CVE-2021-40325 [HIGH] CWE-863 Cobbler before 3.3.0 allows authorization bypass for modification of settings.
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
OSV
CVE-2021-40325: Cobbler before 3
osv·2021-10-04
CVE-2021-40325 CVE-2021-40325: Cobbler before 3
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
Ubuntu
Cobbler vulnerabilities
vendor_ubuntu·2023-11-13·CVSS 4.0
CVE-2021-40323 [MEDIUM] Cobbler vulnerabilities
Title: Cobbler vulnerabilities
Summary: Several security issues were fixed in Cobbler.
It was discovered that Cobbler did not properly handle user input, which
could result in an absolute path traversal. An attacker could possibly
use this issue to read arbitrary files. (CVE-2014-3225)
It was discovered that Cobbler did not properly handle user input, which
could result in command injection. An attacker could possibly use this
issue to execute arbitrary code with high privileges.
(CVE-2017-1000469, CVE-2021-45082)
It was discovered that Cobbler did not properly hide private functions in
a class. A remote attacker could possibly use this issue to gain high
privileges and upload files to an arbitrary location.
(CVE-2018-10931, CVE-2018-1000225, CVE-2018-1000226)
Nicolas Chatelain discov
Red Hat
cobbler: Authorization bypass allows modifying settings
vendor_redhat·2021-09-20·CVSS 7.5
CVE-2021-40325 [HIGH] CWE-639 cobbler: Authorization bypass allows modifying settings
cobbler: Authorization bypass allows modifying settings
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
A flaw was found in cobbler. This flaw lies in the token validation and could allow an attacker to bypass authorization and modify settings.
Statement: This vulnerability does not affect any Red Hat supported product.
Package: rhn-tools:1.0/cobbler (Red Hat Enterprise Linux 8) - Not affected
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-10-04
Published