Homepage
About Snyk

Improper Authorization Affecting smart_proxy_shellhooks package, versions <0.9.2

0.0
medium

Snyk CVSS

    Attack Complexity Low
    Privileges Required High
    Confidentiality High
    Integrity High

    Threat Intelligence

    EPSS 0.04% (6th percentile)
Expand this section
NVD
6.1 medium
Expand this section
Red Hat
6.1 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-RUBY-SMARTPROXYSHELLHOOKS-1292148
  • published 13 May 2021
  • disclosed 13 May 2021
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 13 May 2021

CVE-2021-3457 Open this link in a new tab
CWE-285 Open this link in a new tab

How to fix?

Upgrade smart_proxy_shellhooks to version 0.9.2 or higher.

Overview

smart_proxy_shellhooks is a Provides easy integration with 3rd parties for Foreman

Affected versions of this package are vulnerable to Improper Authorization. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.