Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12dmZmLTZ3cnItNGc3cc01ZQ
Missing Authentication for Critical Function in Foreman Ansible
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Permalink: https://github.com/advisories/GHSA-vvff-6wrr-4g7q
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12dmZmLTZ3cnItNGc3cc01ZQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 3 years ago
Updated: over 1 year ago
CVSS Score: 8.1
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Percentage: 0.00087
EPSS Percentile: 0.38533
Identifiers: GHSA-vvff-6wrr-4g7q, CVE-2021-3589
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-3589
- https://access.redhat.com/security/cve/CVE-2021-3589
- https://bugzilla.redhat.com/show_bug.cgi?id=1969265
- https://github.com/theforeman/foreman_ansible/commit/a5e0827bc3ec6c8ab82f968907857a15646305d5
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/foreman_ansible/CVE-2021-3589.yml
- https://github.com/advisories/GHSA-vvff-6wrr-4g7q
Blast Radius: 4.9
Affected Packages
rubygems:foreman_ansible
Dependent packages: 2
Dependent repositories: 4
Downloads: 207,725 total
Affected Version Ranges: < 2.0.0
Fixed in: 2.0.0
All affected versions: 0.1.0, 0.1.1, 0.2.1, 0.2.2, 1.2.1, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.5, 1.4.6, 1.5.0, 1.5.1, 1.5.2
All unaffected versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.2.11, 2.2.12, 2.2.13, 2.2.14, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 4.0.0, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.4.0, 6.4.1, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 8.0.0, 8.0.1, 9.0.0, 9.0.1, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.4.0, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 11.0.0, 11.1.0, 11.1.1, 11.1.2, 11.2.0, 11.2.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.0.5, 12.0.6, 12.0.7, 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.0.4, 13.0.5, 13.0.6, 13.0.7, 14.0.0, 14.1.0, 14.1.1, 14.2.0, 14.2.1, 14.2.2, 15.0.0, 15.0.1, 15.0.2, 15.0.3