CVE-2021-3590

Published: Aug 22, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected (2)

Products: Theforeman: Foreman · Redhat: Satellite

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Theforeman Foreman	From 1.6.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Satellite	Version 6.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (4)

https://access.redhat.com/security/cve/CVE-2021-3590

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1969258

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://access.redhat.com/security/cve/CVE-2021-3590

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1969258

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.