GHSA-f2rp-4rv7-fc95
Suggest an improvement- Source
- https://github.com/advisories/GHSA-f2rp-4rv7-fc95
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-f2rp-4rv7-fc95/GHSA-f2rp-4rv7-fc95.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-f2rp-4rv7-fc95
- Aliases
- Published
- 2021-06-10T15:54:43Z
- Modified
- 2023-11-08T04:04:36.135332Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
- Details
-
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions of foremanfog_proxmox prior to 0.13.1 are affected.
- Database specific
{ "nvd_published_at": "2021-06-07T21:15:00Z", "github_reviewed_at": "2021-06-10T14:58:17Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-200" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-20259
- https://github.com/theforeman/foreman_fog_proxmox/pull/184/commits/b7e910bf61563f5d447c71b1b41e2a373a794d7b
- https://bugzilla.redhat.com/show_bug.cgi?id=1932144
- https://github.com/theforeman/foreman_fog_proxmox
- https://github.com/theforeman/foreman_fog_proxmox/releases/tag/v0.13.1
Affected packages
RubyGems / foreman_fog_proxmox
Package
- Name
- foreman_fog_proxmox
- Purl
- pkg:gem/foreman_fog_proxmox