{"affected":[{"ecosystem_specific":{"binaries":[{"cobbler":"3.0.0+git20190806.32c4bae0-8.22.6.1"}]},"package":{"ecosystem":"SUSE:Manager Server Module 4.1","name":"cobbler","purl":"pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%20Module%204.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.0.0+git20190806.32c4bae0-8.22.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for cobbler fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2021-40323: Fixed an arbitrary file disclosure/Template Injection (bsc#1189458)\n- CVE-2021-40324: Fixed an arbitrary file write (bsc#1189458)\n- CVE-2021-40325: Fixed a problem with the token validation (bsc#1189458)\n\n- Please note that with these changes, a valid log data from Anamon (Red Hat Autoinstallation Process) uploaded to \n  cobbler may be rejected\n","id":"SUSE-SU-2021:3151-1","modified":"2021-09-20T15:21:44Z","published":"2021-09-20T15:21:44Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2021/suse-su-20213151-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1189458"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-40323"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-40324"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-40325"}],"related":["CVE-2021-40323","CVE-2021-40324","CVE-2021-40325"],"summary":"Security update for cobbler","upstream":["CVE-2021-40323","CVE-2021-40324","CVE-2021-40325"]}