Bug 1928301 (CVE-2021-3412)
| Summary: | CVE-2021-3412 3scale: lack of brute force protection on dev portal login | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Chess Hazlett <chazlett> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | amasferr, chazlett |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the 3scale developer portal, where it lacked brute force protections. This flaw allows an attacker to use this gap to bypass login controls and access privileged information, or possibly conduct further attacks. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1919437, 1930346 | ||
|
Description
Chess Hazlett
2021-02-12 22:34:09 UTC
|