PT-2022-10477 · Foreman · Foreman

Yadnyawalk Tale

Published

2022-08-22

Updated

2022-08-26

CVE-2021-3590

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Foreman project (affected versions not specified)

Description A flaw was found in the Foreman project, where a credential leak exposes the Azure Compute Profile password through JSON of the API output. The highest threat from this issue is to data confidentiality and integrity as well as system availability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-319

Related Identifiers

CVE-2021-3590

Affected Products

Foreman

PT-2022-10477 · Foreman · Foreman

CVE-2021-3590

Weakness Enumeration

Related Identifiers

Affected Products

References · 5