CVE-2021-3590

HIGH

Foreman >= 1.6.0 - Cleartext Transmission of Sensitive Information via Azure Compute Profile Password

Title source: llm
STIX 2.1

Description

A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References (2)

Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1969258
Third Party Advisory x_refsource_misc
https://access.redhat.com/security/cve/CVE-2021-3590

Scores

CVSS v3 8.8
EPSS 0.0056
EPSS Percentile 42.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-200 CWE-319
Status published
Products (2)
redhat/satellite 6.0
theforeman/foreman 1.6.0
Published Aug 22, 2022
Tracked Since Feb 18, 2026