GHSA-f2rp-4rv7-fc95

Source

https://github.com/advisories/GHSA-f2rp-4rv7-fc95

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-f2rp-4rv7-fc95/GHSA-f2rp-4rv7-fc95.json

Aliases

CVE-2021-20259

Published

2021-06-10T15:54:43Z

Modified

2023-11-08T04:04:36.135332Z

Details

A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions of foremanfog_proxmox prior to 0.13.1 are affected.

References

Affected packages

RubyGems / foreman_fog_proxmox

Package

Name: foreman_fog_proxmox

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.13.1

Affected versions

0.*

0.4.0

0.5.0

0.5.1

0.5.2

0.5.3

0.5.4

0.5.5

0.5.6

0.6.0

0.7.0

0.8.0

0.8.2

0.9.0

0.9.1

0.9.2

0.9.3

0.9.4

0.10.0

0.10.1

0.10.2

0.11.0

0.11.1

0.12.0

0.12.1

0.12.2

0.12.4

0.13.0