Jump to:

CVE-2021-3584

Jump to:

CVE-2021-3584

Package foreman updated to version 3.0.0-alt1 for branch sisyphus in task 287700.

Published: 2021-12-23
Modified: 2024-11-21

CVE-2021-3584

A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.

Severity: HIGH (7.2) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1968439
https://bugzilla.redhat.com/show_bug.cgi?id=1968439
https://github.com/theforeman/foreman/pull/8599
https://github.com/theforeman/foreman/pull/8599
https://projects.theforeman.org/issues/32753
https://projects.theforeman.org/issues/32753

Version: 2.1.0

Package foreman update in sisyphus on 2021-12-06

ALT-PU-2021-3483-1

Closed vulnerabilities

CVE-2021-3584