Lucene search

[email protected]NVD:CVE-2021-44216

HistoryMar 10, 2022 - 5:44 p.m.

CVE-2021-44216

2022-03-1017:44:14

CWE-276

[email protected]

web.nvd.nist.gov

cfengine enterprise

insecure permissions

unauthorized access

log files

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

5.1%

JSON

Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files.

Affected configurations

Nvd

Node

northern.techcfengineRange<3.15.5enterprise

northern.techcfengineRange3.18.0–3.18.1enterprise

VendorProductVersionCPE
northern.techcfengine*cpe:2.3:a:northern.tech:cfengine:*:*:*:*:enterprise:*:*:*

Vendor	Product	Version	CPE
northern.tech	cfengine	*	cpe:2.3:a:northern.tech:cfengine:::::enterprise:::*

References

cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

northern.tech

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2021-44216

prion1 cvelist1 alpinelinux1 cve1 osv2 nessus1 rosalinux1