CVE-2021-36756

CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation...

CVE-2021-38379

The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure...

CVE-2019-19394

Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS. This is fixed in 3.10.7, 3.12.3, and 3.15.0...

CVE-2024-55958

Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and below allows XSS. The fixed versions are 3.24.1 and 3.21.6...

CVE-2024-55958

Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and below allows XSS. The fixed versions are 3.24.1 and 3.21.6...

CVE-2024-55958

Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and below allows XSS. The fixed versions are 3.24.1 and 3.21.6...

CVE-2024-55958

CVE-2024-55958 affects Northern.tech CFEngine Enterprise Mission Portal. The vulnerability is a cross-site scripting (XSS) flaw in Mission Portal versions 3.24.0 and 3.21.5 and earlier, caused by insufficient input validation in certain fields. Fixed versions are 3.24.1 and 3.21.6. Public exploit...

Northern.tech CFEngine Enterprise 跨站脚本漏洞

Northern.tech CFEngine Enterprise is a versatile solution for automating routine tasks from Northern.tech. A security vulnerability exists in Northern.tech CFEngine Enterprise version 3.24.0 and versions 3.21.5 and earlier, which stems from a lack of input validation in certain fields, resulting ...

PT-2025-3164 · Cfengine · Cfengine Enterprise Mission Portal

Name of the Vulnerable Software and Affected Versions: CFEngine Enterprise Mission Portal versions 3.21.5 and below CFEngine Enterprise Mission Portal version 3.24.0 Description: The issue allows for XSS. The estimated number of potentially affected devices worldwide is not available. There is no...

Advisory ROSA-SA-2024-2436

software: cfengine 3.21.3 OS: ROSA-CHROME packageevrstring: cfengine-3.21.3-1 CVE-ID: CVE-2021-36756 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is no SSL certificate validation in CFEngine Enterprise. CVE-STATUS: Fixed CVE-REV: To close, execute command: sudo dnf update cfengine CVE-ID:...

OPENSUSE-SU-2024:11873-1 cfengine-3.19.0-1.1 on GA media

These are all security issues fixed in the cfengine-3.19.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2023-45684

Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub...

CVE-2023-45684

Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub...

CVE-2023-45684

Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub...

CVE-2023-45684

Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub...

CVE-2023-45684

Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub...

UBUNTU-CVE-2023-45684

Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub...

CVE-2023-45684

Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub...

CVE-2023-45684

Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub...

Northern.tech CFEngine Security Breach

Northern.tech CFEngine is an IT infrastructure configuration management and automation framework. A security vulnerability exists in Northern.tech CFEngine Enterprise versions 3.6.0 through 3.18.6 and prior to 3.21.3, which stems from an injection flaw in the Web UI, Mission Portal, and results i...