Bug #32257: CVE-2021-20290: Any client can perform Foreman actions - OpenSCAP - Foreman

Actions

Copy link

Bug #32257

closed

CVE-2021-20290: Any client can perform Foreman actions

Added by Lukas Zapletal about 3 years ago. Updated about 3 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Lukas Zapletal

Target version:

Difficulty:

trivial

Triaged:

Bugzilla link:

Pull request:

https://github.com/theforeman/smart_proxy_openscap/pull/80, https://github.com/theforeman/smart_proxy_openscap/pull/81, https://github.com/theforeman/smart_proxy_openscap/pull/82, https://github.com/theforeman/smart_proxy_openscap/pull/83, https://github.com/theforeman/smart_proxy_openscap/pull/84

Fixed in Releases:

smart_proxy_openscap 0.7.5

Found in Releases:

Red Hat JIRA:

Description

An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.

https://access.redhat.com/security/cve/CVE-2021-20290

Related issues 1 (0 open — 1 closed)

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Plugins » OpenSCAP

Custom queries

Bug #32257

CVE-2021-20290: Any client can perform Foreman actions

Updated by Lukas Zapletal about 3 years ago

Updated by The Foreman Bot about 3 years ago

Updated by The Foreman Bot about 3 years ago

Updated by Anonymous about 3 years ago

Updated by The Foreman Bot about 3 years ago

Updated by The Foreman Bot about 3 years ago

Updated by The Foreman Bot about 3 years ago

Updated by The Foreman Bot about 3 years ago

Updated by Ondřej Pražák almost 3 years ago