GHSA-f2rp-4rv7-fc95

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-f2rp-4rv7-fc95/GHSA-f2rp-4rv7-fc95.json
Aliases
  • CVE-2021-20259
Published
2021-06-10T15:54:43Z
Modified
2022-06-10T02:20:38.938682Z
Details

A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions before foremanfog_proxmox 0.13.1 are affected

References

Affected packages

RubyGems / foreman_fog_proxmox

foreman_fog_proxmox

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
0.13.1

Affected versions

0.*

0.10.0
0.10.1
0.10.2
0.11.0
0.11.1
0.12.0
0.12.1
0.12.2
0.12.4
0.13.0
0.4.0
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.6.0
0.7.0
0.8.0
0.8.2
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4