CVE-2021-3584
A server-side remote code execution vulnerability was found in the Foreman project. An authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of the system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.
Published
2021-12-23T20:15:11.533
Last Modified
2024-11-21T06:21:54.377
Status
Modified
Source
[email protected]
Severity
CVSSv3.1: 7.2 (HIGH)
CVSSv2 Vector
AV:N/AC:L/Au:S/C:C/I:C/A:C
- Access Vector: NETWORK
- Access Complexity: LOW
- Authentication: SINGLE
- Confidentiality Impact: COMPLETE
- Integrity Impact: COMPLETE
- Availability Impact: COMPLETE
Exploitability Score
8.0
Impact Score
10.0
Weaknesses
Affected Vendors & Products
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1968439
  Issue Tracking, Third Party Advisory ([email protected])
- https://github.com/theforeman/foreman/pull/8599
  Issue Tracking, Patch, Third Party Advisory ([email protected])
- https://projects.theforeman.org/issues/32753
  Issue Tracking, Patch, Vendor Advisory ([email protected])