CVE-2021-3590

HIGH

Foreman >= 1.6.0 - Cleartext Transmission of Sensitive Information via Azure Compute Profile Password

Title source: llm

Description

A flaw was found in the Foreman project. A credential leak was identified that exposes the Azure Compute Profile password through the JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References (2)

Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1969258
Third Party Advisory x_refsource_misc
https://access.redhat.com/security/cve/CVE-2021-3590

Scores

CVSS v3 8.8
EPSS 0.0016
EPSS Percentile 37.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-319, CWE-200
Status published
Products (2)
redhat/satellite 6.0
theforeman/foreman 1.6.0
Published Aug 22, 2022
Tracked Since Feb 18, 2026