CVE-2021-3590

Published Aug 22, 2022

Last updated 2 years ago

CVSS high 8.8

Overview

Description: A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-319
secalert@redhat.com: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBE46BFA-0FD4-4504-B0FB-7020379D4596",
            "versionStartIncluding": "1.6.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "848C92A9-0677-442B-8D52-A448F2019903"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References