CVE-2021-44216

Published: Mar 10, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files.

Affected (2)

Products: Northern.tech: Cfengine

Northern.tech

1 product

Cfengine

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Northern.tech Cfengine	Before 3.15.5
Northern.tech Cfengine	From 3.18.0 to 3.18.1

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Source: cve@mitre.org

ExploitVendor Advisory

https://northern.tech

Source: cve@mitre.org

Vendor Advisory

https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://northern.tech

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.