Vulnerability Details CVE-2021-20259
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions before foreman_fog_proxmox 0.13.1 are affected
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
Products affected by CVE-2021-20259
-
cpe:2.3:a:theforeman:foremanfogproxmox:-
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.1.0
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.1.4
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.10.0
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.10.1
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.10.2
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.11.0
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.11.1
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.12.0
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.12.1
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.12.2
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.13.0
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.3.1
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.3.4
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.4.0
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.5.0
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.5.1
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.5.2
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.5.3
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.5.4
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.5.5
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.5.6
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.6.0
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.7.0
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.8.0
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.8.2
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.9.0
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.9.1
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.9.2
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.9.3
-
cpe:2.3:a:theforeman:foremanfogproxmox:0.9.4