Все бюллетени/sisyphus/ALT-PU-2021-3483-1
ALT-PU-2021-3483-1

Обновление пакета foreman в ветке sisyphus

Версия3.0.0-alt1
Задание#287700
Опубликовано2021-12-06
Макс. серьёзностьHIGH
Серьёзность:

Закрытые проблемы (1)

CVE-2021-3584
HIGH7.2

A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.

Опубликовано: 2021-12-23Изменено: 2024-11-21
CVSS 2.0КРИТИЧЕСКАЯ 9.0
CVSS:2.0/AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS 3.xВЫСОКАЯ 7.2
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Ссылки