{"containers": {"cna": {"affected": [{"product": "satellite", "vendor": "n/a", "versions": [{"status": "affected", "version": "Satellite v6.7"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-281", "description": "CWE-281 - Improper Preservation of Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-26T15:25:42", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926139"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/CVE-2021-3414"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:53:17.555Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926139"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2021-3414"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3414", "datePublished": "2022-08-26T15:25:42", "dateReserved": "2021-02-22T00:00:00", "dateUpdated": "2024-08-03T16:53:17.555Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:satellite:6.7:*:*:*:*:*:*:*", "matchCriteriaId": "92A1C228-CEEE-4F06-B87D-77510FB76A7D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality."}, {"lang": "es", "value": "Se ha encontrado un fallo en satellite. Cuando son concedidos permisos granulares relacionados con la organizaci\u00f3n, tambi\u00e9n son concedidos otros permisos que permiten al usuario visualizar y administrar otras organizaciones. La mayor amenaza de esta vulnerabilidad es para la confidencialidad de los datos."}], "id": "CVE-2021-3414", "lastModified": "2024-11-21T06:21:27.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "[email protected]", "type": "Primary"}]}, "published": "2022-08-26T16:15:08.747", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2021-3414"}, {"source": "[email protected]", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926139"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2021-3414"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926139"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-281"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-281"}], "source": "[email protected]", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Jean-Baptiste Dancre (Saint-Gobain DSI Groupe) for reporting this issue.", "bugzilla": {"description": "satellite: granular permissions related to organizations with other permissions may lead to confidentiality and integrity breach", "id": "1926139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926139"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L", "status": "draft"}, "cwe": "CWE-281", "details": ["A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality.", "A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality."], "name": "CVE-2021-3414", "package_state": [{"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite", "product_name": "Red Hat Satellite 6"}], "public_date": "2021-02-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3414\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3414"], "threat_severity": "Moderate"}