CVE-2021-3589 – foreman_ansible
Package
Manager: gem
Name: foreman_ansible
Vulnerable Version: >=0 <2.0.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS: 0.00219 (percentile: 0.4451)
Details
Missing Authentication for Critical Function in Foreman Ansible

An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Metadata
Created: 2022-03-24T00:00:17Z
Modified: 2023-02-08T22:41:33Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-vvff-6wrr-4g7q/GHSA-vvff-6wrr-4g7q.json
CWE IDs: ["CWE-306"]
Alternative ID: GHSA-vvff-6wrr-4g7q
Finding: F006
Auto approve: 1