CVE-2021-20259

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-20259

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20259.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-20259

Aliases

GHSA-f2rp-4rv7-fc95

Withdrawn

2024-05-15T05:32:36.693050Z

Published

2021-06-07T21:15:07Z

Modified

2023-11-29T08:39:58.060121Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions before foremanfog_proxmox 0.13.1 are affected

References

https://bugzilla.redhat.com/show_bug.cgi?id=1932144

Affected packages

Git / github.com/theforeman/foreman_fog_proxmox

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/foreman_fog_proxmox
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1f138d80fbeace59ff3c3c2f200ec5ae90622875

Affected versions

v0.*

v0.1.0-alpha

v0.10.0

v0.10.1

v0.10.2

v0.11.0

v0.11.1

v0.12.0

v0.12.1

v0.12.2

v0.12.4

v0.13.0

v0.3.1

v0.3.4

v0.4.0

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.6

v0.6.0

v0.7.0

v0.8.0

v0.8.2

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.4