CVE-2021-20259

Name of the Vulnerable Software and Affected Versions: foreman fog proxmox versions prior to 0.13.1

Description: A flaw was found in the Foreman project, where the Proxmox compute resource exposes the password through the API to an authenticated local attacker with view hosts permission. This poses a significant threat to data confidentiality and integrity, as well as system availability.

Recommendations: For versions prior to 0.13.1, update to version 0.13.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Proxmox compute resource API for authenticated local attackers with view hosts permission until a patch is available.