{"api_version":"1","generated_at":"2026-04-22T21:37:42+00:00","cve":"CVE-2021-3590","urls":{"html":"https://cve.report/CVE-2021-3590","api":"https://cve.report/api/cve/CVE-2021-3590.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-3590","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-3590"},"summary":{"title":"CVE-2021-3590","description":"A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2022-08-22 15:15:00","updated_at":"2022-08-26 15:01:00"},"problem_types":["CWE-319"],"metrics":[],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2021-3590","name":"https://access.redhat.com/security/cve/CVE-2021-3590","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1969258","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1969258","refsource":"MISC","tags":[],"title":"1969258 – (CVE-2021-3590) CVE-2021-3590 foreman: azure compute profile credential leak to authenticated users","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-3590","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3590","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"3590","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"satellite","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3590","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"theforeman","cpe5":"foreman","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2021-3590","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor","cweId":"CWE-200"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"foreman","version":{"version_data":[{"version_affected":"=","version_value":"Affects foreman-1.6.0 onwards"}]}}]}}]}},"references":{"reference_data":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1969258","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1969258"},{"url":"https://access.redhat.com/security/cve/CVE-2021-3590","refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2021-3590"}]}},"nvd":{"publishedDate":"2022-08-22 15:15:00","lastModifiedDate":"2022-08-26 15:01:00","problem_types":["CWE-319"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*","versionStartIncluding":"1.6.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"3590","Ordinal":"209821","Title":"CVE-2021-3590","CVE":"CVE-2021-3590","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"3590","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}