CVE-2021-44216

MEDIUM

CFEngine < 3.15.5 and 3.18.x < 3.18.1 - Unauthorized Local File Access via Insecure Log File Permissions

Title source: llm
STIX 2.1

Description

Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://northern.tech
Exploit, Vendor Advisory x_refsource_misc
https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Scores

CVSS v3 5.5
EPSS 0.0036
EPSS Percentile 27.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-276
Status published
Products (1)
northern.tech/cfengine < 3.15.5
Published Mar 10, 2022
Tracked Since Feb 18, 2026