// For flags

CVE-2021-3457

 

Severity Score

6.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.

Se encontró un fallo de manejo de autorización inapropiada en Foreman. El plugin Shellhooks para el proxy inteligente permite a clientes de Foreman ejecutar acciones que deberían estar limitadas al servidor de Foreman. Este fallo permite a un atacante local autenticado acceder y eliminar recursos limitados y además causa una denegación de servicio en el servidor Foreman. La mayor amenaza de esta vulnerabilidad es la integridad así como la disponibilidad del sistema

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-03-22 CVE Reserved
  • 2021-05-12 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-863: Incorrect Authorization
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Theforeman
Search vendor "Theforeman"
Smart Proxy Shell Hooks
Search vendor "Theforeman" for product "Smart Proxy Shell Hooks"
< 0.9.2
Search vendor "Theforeman" for product "Smart Proxy Shell Hooks" and version " < 0.9.2"
-
Affected