CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
39.0%
software: cfengine 3.21.3
OS: ROSA-CHROME
package_evr_string: cfengine-3.21.3-1
CVE-ID: CVE-2021-36756
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: There is no SSL certificate validation in CFEngine Enterprise.
CVE-STATUS: Fixed
CVE-REV: To close, execute command: sudo dnf update cfengine
CVE-ID: CVE-2021-38379
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: The hub in CFEngine Enterprise has insecure permissions that allow local information to be exposed.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update cfengine
CVE-ID: CVE-2021-44215
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Northern.tech CFEngine Enterprise has insecure permissions that may allow unauthorized local users to have undefined influence.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update cfengine
CVE-ID: CVE-2021-44216
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Northern.tech CFEngine Enterprise has insecure permissions that could allow unauthorized local users to access Apache and Mission Portal log files.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update cfengine
CVE-ID: CVE-2023-26560
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Northern.tech CFEngine Enterprise allows a group of authenticated users to use the scheduled reports feature to read arbitrary files and potentially discover credentials.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update cfengine
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
39.0%