CVE-2021-3413
MEDIUMforeman_azurerm < 2.2.0 - Credential Exposure via API Output
Title source: llmDescription
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References (1)
Core 1
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1930352
Scores
CVSS v3
6.3
EPSS
0.0032
EPSS Percentile
54.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-200
Status
published
Products (2)
redhat/satellite
6.0
theforeman/foreman_azurerm
< 2.2.0
Published
Apr 08, 2021
Tracked Since
Feb 18, 2026