Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-20290

Опубликовано: 30 мар. 2021
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.

Отчет

Red Hat Satellite 6 ship smart_proxy_openscap plugin which is affected by the flaw. The highest threat from this vulnerability is to integrity and system availability.

Меры по смягчению последствий

To mitigate the flaw, disable smart_proxy_openscap plugin from the Server. You can do that either by editing /etc/foreman-proxy/settings.d/openscap.yml and restarting systemctl restart foreman-proxy.service, or by running foreman-installer --no-enable-foreman-proxy-plugin-openscap command.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Satellite 6smart_proxy_openscapAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-863
https://bugzilla.redhat.com/show_bug.cgi?id=1939701smart_proxy_openscap: Clients can perform reserved actions on Foreman Server through OpenSCAP plugin for smart-proxy

EPSS

Процентиль: 24%
0.00081
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2021-20290

CVSS3: 6.1
nvd
почти 4 года назад

An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.

debian логотип

CVE-2021-20290

CVSS3: 6.1
debian
почти 4 года назад

An improper authorization handling flaw was found in Foreman. The Open ...

github логотип

GHSA-87g3-c5f5-mjmm

CVSS3: 6.1
github
почти 4 года назад

An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.

EPSS

Процентиль: 24%
0.00081
Низкий

6.1 Medium

CVSS3