CVE-2021-33924
moderate-risk
Published 2021-09-29
Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information.
Do I need to act?
-
0.80% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (4)
Ansible
Ansible
Ansible
Ansible
Affected Vendors
References (4)
Vendor Advisory
https://confluent.io
Third Party Advisory
https://www.detack.de/en/cve-2021-33924
Vendor Advisory
https://confluent.io
Third Party Advisory
https://www.detack.de/en/cve-2021-33924
45
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
3/34 · Minimal
Exposure
10/34 · Low