CVE Vulnerabilities

CVE-2021-40325

Published: Oct 04, 2021 | Modified: Aug 08, 2023

CVSS 3.x

7.5

HIGH

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS 2.x

5 MEDIUM

RedHat/V2

RedHat/V3

7.5 MODERATE

Ubuntu

HIGH

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-40325
CWE	https://cwe.mitre.org/data/definitions/.html

Cobbler before 3.3.0 allows authorization bypass for modification of settings.

Affected Software

Name	Vendor	Start Version	End Version
Cobbler	Cobbler_project	*	3.3.0 (including)
Cobbler	Ubuntu	esm-apps/xenial	*
Cobbler	Ubuntu	trusty	*
Cobbler	Ubuntu	upstream	*
Cobbler	Ubuntu	xenial	*

References

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.