CVE-2021-3589

Description

An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Risk Information

Base Score

8.0

MODERATE

Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.218

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2021-3589 are fixed in Ruby-foreman_ansible 2.0.0	Windows
Vulnerabilities CVE-2021-3589 are fixed in Ruby-foreman_ansible for Linux 2.0.0	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234