CVE-2021-44216
First published: Mon Mar 07 2022(Updated: )
Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU CFEngine | <3.15.5 | |
| GNU CFEngine | >=3.18.0<3.18.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-44216?
CVE-2021-44216 is a vulnerability in Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 that has insecure permissions, allowing unauthorized local users to access Apache and Mission Portal log files.
How severe is CVE-2021-44216?
CVE-2021-44216 has a severity level of 5.5 (Medium).
How can unauthorized local users exploit CVE-2021-44216?
Unauthorized local users can exploit CVE-2021-44216 by gaining access to the Apache and Mission Portal log files due to insecure permissions.
Which versions of Northern.tech CFEngine Enterprise are affected by CVE-2021-44216?
Northern.tech CFEngine Enterprise versions before 3.15.5 and 3.18.x before 3.18.1 are affected by CVE-2021-44216.
Are there any fixes or patches available for CVE-2021-44216?
Yes, Northern.tech has released CFEngine Enterprise versions 3.15.5 and 3.18.1 to address the insecure permissions vulnerability in CVE-2021-44216.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/northern.tech
- canonical/gnu cfengine
- version/gnu cfengine/3.18.0