CVE-2021-3589

An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Published: Mar 23, 2022
Updated: May 9, 2024
CVE: CVE-2021-3589
GHSA: GHSA-vvff-6wrr-4g7q
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8
AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-306

Affected Software
References

Software	From	Fixed in
theforeman / foreman_ansible	-	7.1.0
redhat / satellite	6.0	6.0.x
foreman_ansible	-	2.0.0

https://access.redhat.com/security/cve/CVE-2021-3589
https://bugzilla.redhat.com/show_bug.cgi?id=1969265
https://github.com/theforeman/foreman_ansible/commit/a5e0827bc3ec6c8ab82f968907857a15646305d5

Vulnerability Database

289,599

CVE-2021-3589