CVE-2021-3456

HIGH

Theforeman Smart Proxy Salt < 2.1.5 - Incorrect Authorization

Title source: rule

Description

An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.

Exploits (1)

nomisec WRITEUP 1 stars

by mrk336 · poc

https://github.com/mrk336/CVE-2021-3456

View Code ZIP pw:eip

References (1)

Core 1

Core References

Issue Tracking, Third Party Advisory x_refsource_misc

https://bugzilla.redhat.com/show_bug.cgi?id=1941001

Scores

CVSS v3 7.1

EPSS 0.0002

EPSS Percentile 6.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Details

CWE

CWE-863

Status published

Products (1)

theforeman/smart_proxy_salt < 2.1.5

Published Mar 30, 2022

Tracked Since Feb 18, 2026