CVE-2021-3456

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-3456
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3456.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-3456
Published
2022-03-30T16:15:11Z
Modified
2024-09-03T03:50:58.334012Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
[none]
Details

An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.

References

Affected packages

Git / github.com/theforeman/smart_proxy_salt

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/smart_proxy_salt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

0.*

0.0.1
0.0.2

1.*

1.0.0

2.*

2.0.0
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5