CVE-2021-3589
First published: Tue Jun 08 2021(Updated: )
An attacker with elevated privileges can utilize Ansible functions to carry out actions as the Foreman-proxy user on the system. The prerequisite for this is that the hosts must have already been added to Foreman, and the attacker must have access to one of these hosts. If the attacker already has access to the system, they are deemed trustworthy with a high level of privilege.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Theforeman Foreman Ansible | <7.1.0 | |
| Redhat Satellite | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-3589?
CVE-2021-3589 is an authorization flaw found in Foreman Ansible, which allows an authenticated attacker with certain permissions to access hosts through job templates.
What is the severity of CVE-2021-3589?
The severity of CVE-2021-3589 is high, with a severity value of 8.
What is the impact of CVE-2021-3589?
The highest threat from CVE-2021-3589 is to data confidentiality and integrity, as well as system availability.
Which software versions are affected by CVE-2021-3589?
Foreman Ansible version up to 7.1.0 and Redhat Satellite version 6.0 are affected by CVE-2021-3589.
How can I fix CVE-2021-3589?
There is no known fix for CVE-2021-3589 at the moment. It is recommended to follow the provided references for any updates or patches.
- collector/redhat-bugzilla
- alias/CVE-2021-3589
- collector/nvd-index
- agent/weakness
- agent/type
- vendor/theforeman
- canonical/theforeman foreman ansible
- vendor/redhat
- canonical/redhat satellite
- version/redhat satellite/6.0