Cfengine

cfengine

Vendor: Northern.tech • 10 CVEs

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-24712 1Northern.tech 1Cfengine May 19, 2026 May 14, 2026 N/A· v4 7.3 HIGH· v3 N/A· v2 Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection.
CVE-2026-24711 1Northern.tech 1Cfengine May 19, 2026 May 14, 2026 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.
CVE-2026-24710 1Northern.tech 1Cfengine May 19, 2026 May 14, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.
CVE-2023-45684 1Northern.tech 1Cfengine Nov 21, 2024 Nov 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub.
CVE-2023-26560 1Northern.tech 1Cfengine Feb 4, 2025 Apr 26, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.
CVE-2021-44216 1Northern.tech 1Cfengine Nov 21, 2024 Mar 10, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files.
CVE-2021-44215 1Northern.tech 1Cfengine Nov 21, 2024 Mar 10, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact.
CVE-2021-38379 1Northern.tech 1Cfengine Nov 21, 2024 Oct 27, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure.
CVE-2021-36756 1Northern.tech 1Cfengine Nov 21, 2024 Oct 27, 2021 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation.
CVE-2019-19394 1Northern.tech 1Cfengine Nov 21, 2024 Apr 16, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS. This is fixed in 3.10.7, 3.12.3, and 3.15.0.