ID
VAR-202110-1082
CVE
CVE-2021-38379
TITLE
CFEngine Enterprise Vulnerability regarding improper default permissions in
Trust: 0.8
sources:
JVNDB: JVNDB-2021-014539
DESCRIPTION
The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure. CFEngine Enterprise There is a vulnerability in improper default permissions.Information may be obtained
Trust: 1.62
sources:
NVD: CVE-2021-38379 //
JVNDB: JVNDB-2021-014539
IOT TAXONOMY
| category: | ['network device'] | sub_category: | hub | Trust: 0.1 |
sources:
OTHER: None
AFFECTED PRODUCTS
| vendor: | northern tech | model: | cfengine | scope: | lte | version: | 3.18.0 | Trust: 1.0 |
| vendor: | northern tech | model: | cfengine | scope: | gte | version: | 3.6.7 | Trust: 1.0 |
| vendor: | northern tech | model: | cfengine | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | northern tech | model: | cfengine | scope: | eq | version: | 3.6.7 to 3.18.0 | Trust: 0.8 |
sources:
JVNDB: JVNDB-2021-014539 //
NVD: CVE-2021-38379
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
JVNDB: JVNDB-2021-014539 //
CNNVD: CNNVD-202110-2000 //
NVD: CVE-2021-38379
PROBLEMTYPE DATA
| problemtype: | CWE-276 | Trust: 1.0 |
| problemtype: | Inappropriate default permissions (CWE-276) [NVD evaluation ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2021-014539 //
NVD: CVE-2021-38379
THREAT TYPE
local
Trust: 0.6
sources:
CNNVD: CNNVD-202110-2000
TYPE
information disclosure
Trust: 0.6
sources:
CNNVD: CNNVD-202110-2000
PATCH
| title: | CVE-2021-38379 & CVE-2021-36756 CFEngine | url: | https://cfengine.com/blog/2021/cve-2021-38379-and-cve-2021-36756/ | Trust: 0.8 |
| title: | Northern.tech CfEngine Repair measures for information disclosure vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168743 | Trust: 0.6 |
sources:
JVNDB: JVNDB-2021-014539 //
CNNVD: CNNVD-202110-2000
EXTERNAL IDS
| db: | NVD | id: | CVE-2021-38379 | Trust: 3.3 |
| db: | JVNDB | id: | JVNDB-2021-014539 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202110-2000 | Trust: 0.6 |
| db: | OTHER | id: | NONE | Trust: 0.1 |
sources:
OTHER: None //
JVNDB: JVNDB-2021-014539 //
CNNVD: CNNVD-202110-2000 //
NVD: CVE-2021-38379
REFERENCES
| url: | https://cfengine.com/blog/2021/cve-2021-38379-and-cve-2021-36756/ | Trust: 1.6 |
| url: | https://docs.cfengine.com/docs/3.18/enterprise-cfengine-guide.html | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2021-38379 | Trust: 0.8 |
| url: | https://ieeexplore.ieee.org/abstract/document/10769424 | Trust: 0.1 |
sources:
OTHER: None //
JVNDB: JVNDB-2021-014539 //
CNNVD: CNNVD-202110-2000 //
NVD: CVE-2021-38379
SOURCES
| db: | OTHER | id: | - |
| db: | JVNDB | id: | JVNDB-2021-014539 |
| db: | CNNVD | id: | CNNVD-202110-2000 |
| db: | NVD | id: | CVE-2021-38379 |
LAST UPDATE DATE
2025-01-30T21:57:26.920000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2021-014539 | date: | 2022-10-20T05:27:00 |
| db: | CNNVD | id: | CNNVD-202110-2000 | date: | 2021-11-05T00:00:00 |
| db: | NVD | id: | CVE-2021-38379 | date: | 2021-11-04T13:37:43.773 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2021-014539 | date: | 2022-10-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-202110-2000 | date: | 2021-10-27T00:00:00 |
| db: | NVD | id: | CVE-2021-38379 | date: | 2021-10-27T15:15:08.047 |