Lucene search
GoogleOSV:GHSA-VVFF-6WRR-4G7QHistoryMar 24, 2022 - 12:00 a.m.
Missing Authentication for Critical Function in Foreman Ansible
2022-03-2400:00:17
Google
osv.dev
23
authorization flaw
foreman ansible
authenticated attacker
ansible jobs
data confidentiality
data integrity
system availability
EPSS
0.001
Percentile
37.0%
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References
access.redhat.com/security/cve/CVE-2021-3589
bugzilla.redhat.com/show_bug.cgi?id=1969265
github.com/rubysec/ruby-advisory-db/blob/master/gems/foreman_ansible/CVE-2021-3589.yml
github.com/theforeman/foreman_ansible
github.com/theforeman/foreman_ansible/commit/a5e0827bc3ec6c8ab82f968907857a15646305d5
nvd.nist.gov/vuln/detail/CVE-2021-3589
Related
nvd
nvd
CVE-2021-3589
2022-03-23 20:15:09
veracode
veracode
Access-Control Bypass
2022-03-30 13:42:41
cvelist
cvelist
CVE-2021-3589
2022-03-23 19:46:10
redhatcve
redhatcve
CVE-2021-3589
2021-06-09 10:14:12
github
github
Missing Authentication for Critical Function in Foreman Ansible
2022-03-24 00:00:17
rubygems
rubygems
Missing Authentication for Critical Function in Foreman Ansible
2022-03-23 21:00:00
prion
prion
Authorization
2022-03-23 20:15:00
cve
cve
CVE-2021-3589
2022-03-23 20:15:09
ibm
ibm
fedora
fedora
[SECURITY] Fedora 34 Update: mingw-openexr-2.5.5-3.fc34
2021-06-20 01:09:26
[SECURITY] Fedora 33 Update: mingw-ilmbase-2.4.1-3.fc33
2021-06-20 01:07:46
openvas
openvas
Fedora: Security Advisory for mingw-openexr (FEDORA-2021-25fe4291c9)
2021-06-20 00:00:00
Fedora: Security Advisory for mingw-ilmbase (FEDORA-2021-3d770d7179)
2021-06-20 00:00:00