CVE-2021-3590
https://notcve.org/view.php?id=CVE-2021-3590
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un fallo en Foreman project. Se ha identificado un filtrado de credenciales que expondrá la contraseña de Azure Compute Profile mediante el JSON de la salida de la API. • https://access.redhat.com/security/cve/CVE-2021-3590 https://bugzilla.redhat.com/show_bug.cgi?id=1969258 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2021-3589
https://notcve.org/view.php?id=CVE-2021-3589
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un fallo de autorización en Foreman Ansible. Un atacante autenticado con determinados permisos para crear y ejecutar trabajos de Ansible puede acceder a hosts mediante plantillas de trabajo. • https://access.redhat.com/security/cve/CVE-2021-3589 https://bugzilla.redhat.com/show_bug.cgi?id=1969265 • CWE-306: Missing Authentication for Critical Function •
CVE-2021-3584 – foreman: Authenticate remote code execution through Sendmail configuration
https://notcve.org/view.php?id=CVE-2021-3584
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0. Se encontró una vulnerabilidad de ejecución de código remota del lado del servidor Foreman project. • https://bugzilla.redhat.com/show_bug.cgi?id=1968439 https://github.com/theforeman/foreman/pull/8599 https://projects.theforeman.org/issues/32753 https://access.redhat.com/security/cve/CVE-2021-3584 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-42550 – RCE from attacker with configuration edit priviledges through JNDI lookup
https://notcve.org/view.php?id=CVE-2021-42550
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. En logback versiones 1.2.7 y anteriores, un atacante con los privilegios necesarios para editar archivos de configuración podría diseñar una configuración maliciosa que permitiera ejecutar código arbitrario cargado desde servidores LDAP A flaw was found in the logback package. When using a specially-crafted configuration, this issue could allow a remote authenticated attacker to execute arbitrary code loaded from LDAP servers. • http://logback.qos.ch/news.html http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html http://seclists.org/fulldisclosure/2022/Jul/11 https://cert-portal.siemens.com/productcert/pdf/ssa-371761.pdf https://github.com/cn-panda/logbackRceDemo https://jira.qos.ch/browse/LOGBACK-1591 https://security.netapp.com/advisory/ntap-20211229-0001 https://access.redhat.com/security/cve/CVE-2021-42550 https://bugzilla.redhat.com/show_ • CWE-502: Deserialization of Untrusted Data •
CVE-2021-44420 – django: potential bypass of an upstream access control based on URL paths
https://notcve.org/view.php?id=CVE-2021-44420
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. En Django versiones 2.2 anteriores a 2.2.25, versiones 3.1 anteriores a 3.1.14, y versiones 3.2 anteriores a 3.2.10, las peticiones HTTP para URLs con líneas nuevas al final podían omitir el control de acceso de la corriente principal basado en las rutas de las URLs • https://docs.djangoproject.com/en/3.2/releases/security https://groups.google.com/forum/#%21forum/django-announce https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV https://security.netapp.com/advisory/ntap-20211229-0006 https://www.djangoproject.com/weblog/2021/dec/07/security-releases https://www.openwall.com/lists/oss-security/2021/12/07/1 https://access.redhat.com/security/cve/CVE-2021-44420 https://bugzilla.redhat • CWE-290: Authentication Bypass by Spoofing •