GSA_kwCzR0hTQS1jcjNmLXIyNGotM2Nod80WIw

High CVSS: 8.7 EPSS: 0.00025% (0.05287 Percentile) EPSS:

Permalink JSON

Cobbler before 3.3.0 allows authorization bypass for modification of settings.

Affected Packages	Affected Versions	Fixed Versions
pypi:cobbler	< 3.3.0	3.3.0
0 Dependent packages 11 Dependent repositories 244 Downloads last month Affected Version Ranges All affected versions 3.1.2, 3.2.1, 3.2.2, 3.2.3 All unaffected versions 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-40325
https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a
https://github.com/cobbler/cobbler/releases/tag/v3.3.0
https://github.com/advisories/GHSA-cr3f-r24j-3chw
https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2021-375.yaml

Identifiers

GHSA-cr3f-r24j-3chw

CVE-2021-40325

Risk

Severity

High

CVSS

CVSS Score: 8.7

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00025

EPSS Percentile: 0.05287

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/cobbler/cobbler

Date and time

Published

almost 4 years ago

Updated

11 months ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

GSA_kwCzR0hTQS1jcjNmLXIyNGotM2Nod80WIw

Cobbler before 3.3.0 allows authorization bypass for modification of settings.

Affected Version Ranges

All affected versions

All unaffected versions

Identifiers

Risk

Severity

CVSS

EPSS

Classification

Source

Origin

Repository

Date and time

Published

Updated

API