CVE-2021-3494

A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if certain conditions are met. The highest threat from this flaw is to system confidentiality. This flaw affects Foreman versions before 2.5.0.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1948005	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-04-26 15:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-3494

Mitre link : CVE-2021-3494

CVE.ORG link : CVE-2021-3494

JSON object : View

Products Affected

theforeman

foreman

CWE

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2021-3494", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2021-04-26T15:15:07.900", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948005", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if certain conditions are met. The highest threat from this flaw is to system confidentiality. This flaw affects Foreman versions before 2.5.0."}, {"lang": "es", "value": "Un proxy inteligente que proporciona una API restful a varios subsistemas del Foreman est\u00e1 afectado por un fallo que puede causar un ataque de tipo Man-in-the-Middle. El m\u00f3dulo FreeIPA del proxy inteligente Foreman no comprueba el certificado SSL, por lo tanto, un atacante no autenticado puede llevar a cabo acciones en FreeIPA si determinadas condiciones se cumplen. La mayor amenaza de este fallo es la confidencialidad del sistema. Esta fallo afecta a Foreman versiones anteriores a 2.5.0."}], "lastModified": "2021-05-04T14:14:43.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D57AF33-980D-4529-8606-1D5850224D1B", "versionEndExcluding": "2.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}