CVE-2021-20290 - OpenCVE

An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Theforeman	Openscap

Configuration 1 [-]

cpe:2.3:a:theforeman:openscap:*:*:*:*:*:foreman:*:*

No data.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1939701
https://nvd.nist.gov/vuln/detail/CVE-2021-20290
https://www.cve.org/CVERecord?id=CVE-2021-20290

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-03-25T18:02:47

Updated: 2024-08-03T17:37:23.534Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20290

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-03-25T19:15:08.500

Modified: 2022-04-04T15:58:49.237

Link: CVE-2021-20290

Redhat

Severity : Moderate

Publid Date: 2021-03-30T10:00:00Z

Links: CVE-2021-20290 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "smart_proxy_openscap", "vendor": "n/a", "versions": [{"status": "affected", "version": "smart_proxy_openscap 0.9.1"}]}], "descriptions": [{"lang": "en", "value": "An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-03-25T18:02:47", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939701"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-20290", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "smart_proxy_openscap", "version": {"version_data": [{"version_value": "smart_proxy_openscap 0.9.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-863"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1939701", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939701"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:37:23.534Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939701"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-20290", "datePublished": "2022-03-25T18:02:47", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:37:23.534Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:theforeman:openscap:*:*:*:*:*:foreman:*:*", "matchCriteriaId": "5F6194A9-4CA4-4B03-B7A8-2CCA4D72AA96", "versionEndExcluding": "0.9.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability."}, {"lang": "es", "value": "Se ha encontrado un fallo de manejo de autorizaci\u00f3n inapropiado en Foreman. El plugin OpenSCAP para el smart-proxy permite a clientes de Foreman ejecutar acciones que deber\u00edan estar limitadas al Foreman Server. Este fallo permite a un atacante local autenticado acceder y eliminar recursos limitados y tambi\u00e9n causa una denegaci\u00f3n de servicio en el servidor Foreman. La mayor amenaza de esta vulnerabilidad es para la integridad y la disponibilidad del sistema"}], "id": "CVE-2021-20290", "lastModified": "2022-04-04T15:58:49.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-25T19:15:08.500", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939701"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Evgeni Golov (Red Hat). Upstream acknowledges Foreman project as the original reporter.", "bugzilla": {"description": "smart_proxy_openscap: Clients can perform reserved actions on Foreman Server through OpenSCAP plugin for smart-proxy", "id": "1939701", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939701"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-863", "details": ["An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.", "An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability."], "mitigation": {"lang": "en:us", "value": "To mitigate the flaw, disable smart_proxy_openscap plugin from the Server. You can do that either by editing `/etc/foreman-proxy/settings.d/openscap.yml` and restarting `systemctl restart foreman-proxy.service`, or by running `foreman-installer --no-enable-foreman-proxy-plugin-openscap` command."}, "name": "CVE-2021-20290", "package_state": [{"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "smart_proxy_openscap", "product_name": "Red Hat Satellite 6"}], "public_date": "2021-03-30T10:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-20290\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20290"], "statement": "Red Hat Satellite 6 ship smart_proxy_openscap plugin which is affected by the flaw. The highest threat from this vulnerability is to integrity and system availability.", "threat_severity": "Moderate", "upstream_fix": "smart_proxy_openscap 0.9.1"}