| Vulnerability Name: | CVE-2021-3590 (CCN-234130) |
| Assigned: | 2021-06-09 |
| Published: | 2022-07-18 |
| Updated: | 2022-08-26 |
| Summary: | A flaw was found in the Foreman project. A credential leak was identified that exposes the Azure Compute Profile password through the JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H); 7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C); 5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C) |
| CVSS v2 Severity: | 6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P) |
| Vulnerability Type: | CWE-319 |
| Vulnerability Consequences: | Obtain Information |
| References: | Source: MITRE Type: CNA CVE-2021-3590; Source: MISC Type: Third Party Advisory https://access.redhat.com/security/cve/CVE-2021-3590; Source: CCN Type: Red Hat Bugzilla - Bug 1969258 (CVE-2021-3590) - CVE-2021-3590 foreman: azure compute profile credential leak to authenticated users; Source: MISC Type: Issue Tracking, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1969258; Source: XF Type: UNKNOWN foreman-cve20213590-info-disc(234130); Source: CCN Type: foreman GIT Repository fixes #4250 - API v2 - add compute profiles |