CVE-2021-3589

An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References
Link Resource
https://access.redhat.com/security/cve/CVE-2021-3589 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1969265 Issue Tracking Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:theforeman:foreman_ansible:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-03-23 20:15

Updated : 2024-02-28 19:09


NVD link : CVE-2021-3589

Mitre link : CVE-2021-3589

CVE.ORG link : CVE-2021-3589


JSON object : View

Products Affected

theforeman

  • foreman_ansible

redhat

  • satellite
CWE
CWE-306

Missing Authentication for Critical Function