Improper Authorization Affecting smart_proxy_shellhooks package, versions <0.9.2
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RUBY-SMARTPROXYSHELLHOOKS-1292148
- published 13 May 2021
- disclosed 13 May 2021
- credit Unknown
Introduced: 13 May 2021
CVE-2021-3457 Open this link in a new tabHow to fix?
Upgrade smart_proxy_shellhooks to version 0.9.2 or higher.
Overview
smart_proxy_shellhooks is a Provides easy integration with 3rd parties for Foreman
Affected versions of this package are vulnerable to Improper Authorization. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.