CVE-2021-3590
published 2022-08-22CVE-2021-3590: A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The…
PriorityP348high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.56%
42.2th percentile
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | satellite | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | >= 1.6.0 | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
foreman: azure compute profile credential leak to authenticated users
vendor_redhat·2021-06-08·CVSS 8.8
CVE-2021-3590 [HIGH] CWE-200 foreman: azure compute profile credential leak to authenticated users
foreman: azure compute profile credential leak to authenticated users
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Statement: Red Hat Satellite is vulnerable to the compute profile credential leak for Azure. Red Hat Product Security has rated this flaw as having a security impact of Low. Please refer to htt
GHSA
GHSA-6543-h8cq-cc73: A flaw was found in Foreman project
ghsa_unreviewed·2022-08-23
CVE-2021-3590 [HIGH] CWE-319 GHSA-6543-h8cq-cc73: A flaw was found in Foreman project
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
No detection rules found.
No public exploits indexed.
2022-08-22
Published