{"affected":[{"ecosystem_specific":{"binaries":[{"cobbler":"3.0.0+git20190806.32c4bae0-8.22.9.1"}]},"package":{"ecosystem":"SUSE:Manager Server Module 4.1","name":"cobbler","purl":"pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%20Module%204.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.0.0+git20190806.32c4bae0-8.22.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for cobbler fixes the following issues:\n\n- CVE-2021-45083: Fixed unsafe permissions on sensitive files (bsc#1193671).\n- CVE-2021-45082: Fixed incomplete template sanitation (bsc#1193678).\n\nThe following non-security bugs were fixed:\n\n- Fix issues with installation module logging and validation (bsc#1195918)\n- Move configuration files ownership to apache (bsc#1195906)\n- Remove hardcoded test credentials (bsc#1193673)\n- Prevent log pollution (bsc#1193675)\n- Missing sanity check on MongoDB configuration file (bsc#1193676)\n","id":"SUSE-SU-2022:0510-1","modified":"2022-02-18T10:45:23Z","published":"2022-02-18T10:45:23Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20220510-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193671"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193673"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193675"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193676"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193678"},{"type":"REPORT","url":"https://bugzilla.suse.com/1195906"},{"type":"REPORT","url":"https://bugzilla.suse.com/1195918"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-45082"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-45083"}],"related":["CVE-2021-45082","CVE-2021-45083"],"summary":"Security update for cobbler","upstream":["CVE-2021-45082","CVE-2021-45083"]}