Описание
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Ссылки
- Vendor Advisory
- Issue TrackingPatchVendor Advisory
- Vendor Advisory
- Issue TrackingPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.1.0 (исключая)
cpe:2.3:a:theforeman:foreman_ansible:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00218
Низкий
8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-306
CWE-306
Связанные уязвимости
CVSS3: 8
redhat
больше 4 лет назад
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS3: 8
github
почти 4 года назад
Missing Authentication for Critical Function in Foreman Ansible
EPSS
Процентиль: 44%
0.00218
Низкий
8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-306
CWE-306