CVE-2021-3589

Published: Mar 23, 2022Modified: Nov 21, 2024

8.0

Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Exploitability: 1.3 / Impact: 6.0

Source: NVD

Description

An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected (2)

Products: Theforeman: Foreman Ansible · Redhat: Satellite

1 product

Foreman Ansible

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Theforeman Foreman Ansible	Before 7.1.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Satellite	Version 6.0

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://access.redhat.com/security/cve/CVE-2021-3589

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1969265

Source: secalert@redhat.com

Issue TrackingPatchVendor Advisory

https://access.redhat.com/security/cve/CVE-2021-3589

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1969265

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

Timeline

No history available yet.