GHSA-f2rp-4rv7-fc95

Suggest an improvement
Source
https://github.com/advisories/GHSA-f2rp-4rv7-fc95
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-f2rp-4rv7-fc95/GHSA-f2rp-4rv7-fc95.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-f2rp-4rv7-fc95
Aliases
Published
2021-06-10T15:54:43Z
Modified
2023-11-01T04:54:05.752449Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
Details

A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions of foremanfog_proxmox prior to 0.13.1 are affected.

Database specific
{
    "nvd_published_at": "2021-06-07T21:15:00Z",
    "github_reviewed_at": "2021-06-10T14:58:17Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

RubyGems / foreman_fog_proxmox

Package

Name
foreman_fog_proxmox
Purl
pkg:gem/foreman_fog_proxmox

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.13.1

Affected versions

0.*

0.4.0
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.6.0
0.7.0
0.8.0
0.8.2
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.10.0
0.10.1
0.10.2
0.11.0
0.11.1
0.12.0
0.12.1
0.12.2
0.12.4
0.13.0