Lucene search

[email protected]CVE-2021-20260

HistoryAug 26, 2022 - 4:15 p.m.

CVE-2021-20260

2022-08-2616:15:08

CWE-200

CWE-522

[email protected]

web.nvd.nist.gov

1524

cve-2021-20260

foreman project

datacenter plugin

password exposure

api

security vulnerability

data confidentiality

data integrity

system availability.

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected configurations

NVD

Node

theforemanforeman

CPENameOperatorVersion
theforeman:foremantheforeman foremaneq*

CPE	Name	Operator	Version
theforeman:foreman	theforeman foreman	eq	*

CNA Affected

[
  {
    "product": "foreman",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Not-Known"
      }
    ]
  }
]

References

access.redhat.com/security/cve/CVE-2021-20260

bugzilla.redhat.com/show_bug.cgi?id=1932181

Social References

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2021-20260

cvelist1 redhatcve1 prion1 nvd1