| Field | Value |
| --- | --- |
| Vulnerability Name | CVE-2021-3584 (CCN-216210) |
| Assigned | 2021-12-23 |
| Published | 2021-12-23 |
| Updated | 2022-01-05 |
| Summary | A server-side remote code execution vulnerability was found in the Foreman project. An authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to the confidentiality, integrity and availability of the system. Fixed releases are 2.4.1, 2.5.1 and 3.0.0. |
| CVSS v3 Severity | 7.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) |
| | 6.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C) |
| | 6.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C) |
| CVSS v2 Severity | 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C) |
| Vulnerability Type | CWE-78 |
| Vulnerability Consequences | Gain Access |
| References | Source: MITRE, Type: CNA: CVE-2021-3584 |
| | Source: CCN, Type: Red Hat Bugzilla: Bug 1968439 (CVE-2021-3584) - CVE-2021-3584 foreman: Authenticated remote code execution through Sendmail configuration |
| | Source: MISC, Type: Issue Tracking, Third Party Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=1968439 |
| | Source: XF, Type: UNKNOWN: foreman-cve20213584-code-exec(216210) |
| | Source: CCN, Type: Foreman GIT Repository: Fixes #32753 - Remote code execution through Sendmail #8599 |
| | Source: MISC, Type: Issue Tracking, Patch, Third Party Advisory: https://github.com/theforeman/foreman/pull/8599 |
| | Source: MISC, Type: Issue Tracking, Patch, Vendor Advisory: https://projects.theforeman.org/issues/32753 |
| | Source: CCN, Type: WhiteSource Vulnerability Database: CVE-2021-3584 |
| Vulnerable Configuration | Configuration 1; Configuration 2; Configuration CCN 1 (the marker in the original listing denotes that the component is vulnerable) |