{
  "threat_severity" : "Moderate",
  "public_date" : "2021-09-20T00:00:00Z",
  "bugzilla" : {
    "description" : "cobbler: Authorization bypass allows modifying settings",
    "id" : "2006904",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2006904"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-639",
  "details" : [ "Cobbler before 3.3.0 allows authorization bypass for modification of settings.", "A flaw was found in cobbler. This flaw lies in the token validation and could allow an attacker to bypass authorization and modify settings." ],
  "statement" : "This vulnerability does not affect any Red Hat supported product.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "rhn-tools:1.0/cobbler",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-40325\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-40325" ],
  "name" : "CVE-2021-40325",
  "csaw" : false
}