CVE-2021-3413Sensitive Information Exposure in Foreman Azurerm

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
6.3MEDIUMNVD
EPSS
0.3%
top 45.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Theforeman Foreman AzurermRedhat Satellite
Timeline
PublishedApr 8
Latest updateMay 24

Description

A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages3 packages

CVEListV5redhat/satellitetfm-rubygem-foreman_azure_rm 2.2.0

🔴Vulnerability Details

2
GHSA
GHSA-gphm-f2cq-m9pv: A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 22022-05-24
CVEList
CVE-2021-3413: A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 22021-04-08

📋Vendor Advisories

1
Red Hat
Satellite: Azure compute resource secret_key leak to authenticated users2021-02-18
CVE-2021-3413 — Sensitive Information Exposure | cvebase