CVE-2021-3413

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-3413

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3413.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-3413

Related

RHSA-2021:4702

Published

2021-04-08T23:15:12Z

Modified

2024-09-03T03:50:45.266406Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

A flaw was found in Red Hat Satellite in tfm-rubygem-foremanazurerm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1930352

Affected packages

Git / github.com/theforeman/foreman_azure_rm

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/foreman_azure_rm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

71984d865d9fec21cd6209e5a5072ce421c5f695

Affected versions

v0.*

v0.1.0

v1.*

v1.0.0

v1.1.1

v1.2.0

v1.3.0

v1.3.1

v2.*

v2.0.0.pre1

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.0.8

v2.1.0

v2.1.1

v2.1.2