GitHub Advisory DatabaseGHSA-VVFF-6WRR-4G7QMissing Authentication for Critical Function in Foreman Ansible
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
36.1%
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| foreman_ansible | lt | 2.0.0 |
References
access.redhat.com/security/cve/CVE-2021-3589
bugzilla.redhat.com/show_bug.cgi?id=1969265
github.com/advisories/GHSA-vvff-6wrr-4g7q
github.com/rubysec/ruby-advisory-db/blob/master/gems/foreman_ansible/CVE-2021-3589.yml
github.com/theforeman/foreman_ansible/commit/a5e0827bc3ec6c8ab82f968907857a15646305d5
nvd.nist.gov/vuln/detail/CVE-2021-3589
Related
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
36.1%