PT-2021-20363 · Confluent · Confluent Ansible

Octav Opaschi

Published

2021-09-29

Updated

2021-10-07

CVE-2021-33923

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Confluent Ansible (cp-ansible) versions 5.5.0 through 6.0.0

Description: The issue allows local attackers to access sensitive information, including private keys and the state database, due to insecure permissions.

Recommendations: For versions 5.5.0 through 6.0.0, update the permissions to secure sensitive information, ensuring that only authorized access is allowed to private keys and the state database. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2021-33923

Affected Products

Confluent Ansible

PT-2021-20363 · Confluent · Confluent Ansible

CVE-2021-33923

Weakness Enumeration

Related Identifiers

Affected Products

References · 5