CVE-2021-33924

CRITICAL

Confluent Ansible 5.5.0-5.5.2, 6.0.0 - Missing Authorization

Title source: llm
STIX 2.1

Description

Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.detack.de/en/cve-2021-33924
Vendor Advisory x_refsource_misc
https://confluent.io

Scores

CVSS v3 9.8
EPSS 0.0156
EPSS Percentile 72.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (4)
confluent/ansible 5.5.0
confluent/ansible 5.5.1
confluent/ansible 5.5.2
confluent/ansible 6.0.0
Published Sep 29, 2021
Tracked Since Feb 18, 2026