CVE-2021-3590
https://notcve.org/view.php?id=CVE-2021-3590
A flaw was found in the Foreman project. A credential leak was identified that exposes the Azure Compute Profile password through the JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
• https://access.redhat.com/security/cve/CVE-2021-3590 https://bugzilla.redhat.com/show_bug.cgi?id=1969258
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-319: Cleartext Transmission of Sensitive Information
CVE-2020-10710
https://notcve.org/view.php?id=CVE-2020-10710
A flaw was found where the plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password.
• https://bugzilla.redhat.com/show_bug.cgi?id=1816747
• CWE-522: Insufficiently Protected Credentials
CVE-2021-3456
https://notcve.org/view.php?id=CVE-2021-3456
An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.
• https://bugzilla.redhat.com/show_bug.cgi?id=1941001
• CWE-863: Incorrect Authorization
CVE-2021-20290
https://notcve.org/view.php?id=CVE-2021-20290
An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.
• https://bugzilla.redhat.com/show_bug.cgi?id=1939701
• CWE-863: Incorrect Authorization
CVE-2021-3589
https://notcve.org/view.php?id=CVE-2021-3589
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
• https://access.redhat.com/security/cve/CVE-2021-3589 https://bugzilla.redhat.com/show_bug.cgi?id=1969265
• CWE-306: Missing Authentication for Critical Function