High severityNVD Advisory· Published Jun 7, 2021· Updated Aug 3, 2024
CVE-2021-20259
CVE-2021-20259
Description
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions before foreman_fog_proxmox 0.13.1 are affected
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
foreman_fog_proxmoxRubyGems | < 0.13.1 | 0.13.1 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-f2rp-4rv7-fc95ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-20259ghsaADVISORY
- bugzilla.redhat.com/show_bug.cgighsax_refsource_MISCWEB
- github.com/theforeman/foreman_fog_proxmox/pull/184/commits/b7e910bf61563f5d447c71b1b41e2a373a794d7bghsaWEB
- github.com/theforeman/foreman_fog_proxmox/releases/tag/v0.13.1ghsaWEB
News mentions
0No linked articles in our index yet.