CVE-2021-3584

high

Description

A server-side remote code execution vulnerability was found in the Foreman project. An authenticated attacker could use the Sendmail configuration options to overwrite the defaults and perform command injection. Note that the CVSS v3 vector below rates the required privileges as high (PR:H), so the attacker must already hold an account permitted to change those mail settings; the impact is still full compromise of the host running Foreman. The highest threat from this vulnerability is to the confidentiality, integrity and availability of the system. Fixed releases are 2.4.1, 2.5.1 and 3.0.0.
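The bug class behind this advisory is an application-editable mail setting (sendmail binary path and arguments) that ends up spliced into a shell command line. The following Ruby is an added illustration of that pattern and its hardened counterpart; it is not Foreman's code and is not taken from the referenced issue or pull request. The setting names, the allowlists, the sample settings hashes and the sample sender address are all constructed for the example.

```ruby
# Illustration (not Foreman's code) of command injection via configurable
# sendmail options, beside a hardened builder that never touches a shell.
require 'shellwords'

DEFAULT_SENDMAIL = '/usr/sbin/sendmail'.freeze
DEFAULT_ARGS     = '-i'.freeze

# UNSAFE: the settings hash is assumed to be editable through the app's
# settings UI/API. Joining location and arguments into one string and
# handing it to a shell (IO.popen(string), system(string)) lets shell
# metacharacters in the "arguments" setting run arbitrary commands.
def unsafe_sendmail_command(settings, sender)
  location  = settings.fetch('sendmail_location', DEFAULT_SENDMAIL)
  arguments = settings.fetch('sendmail_arguments', DEFAULT_ARGS)
  "#{location} #{arguments} -f #{sender}"
end

# Would /bin/sh interpret this string as more than a single simple command?
# Shellwords.split does not parse operators, so check for them directly.
def shell_operators?(command)
  command.match?(/[;&|`$(){}<>\n]/)
end

# HARDENED: fixed allowlist for the binary, a small allowlist of sendmail
# flags, a strict sender check, and an argv array (for Process.spawn or
# IO.popen(array)) so no shell ever parses the values.
ALLOWED_BINARIES = ['/usr/sbin/sendmail', '/usr/lib/sendmail'].freeze
ALLOWED_FLAGS    = /\A-(i|t|oi|odq|odb|odi)\z/

class UnsafeMailSetting < StandardError; end

def safe_sendmail_argv(settings, sender)
  location = settings.fetch('sendmail_location', DEFAULT_SENDMAIL)
  unless ALLOWED_BINARIES.include?(location)
    raise UnsafeMailSetting, "binary not allowed: #{location}"
  end
  args = settings.fetch('sendmail_arguments', DEFAULT_ARGS).split
  bad  = args.reject { |a| a.match?(ALLOWED_FLAGS) }
  raise UnsafeMailSetting, "disallowed sendmail flags: #{bad.join(' ')}" unless bad.empty?
  unless sender.match?(/\A[\w.+-]+@[\w.-]+\z/)
    raise UnsafeMailSetting, "bad sender: #{sender}"
  end
  # '--' ends option parsing so a recipient can never be read as a flag.
  [location, *args, '-f', sender, '--']
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample settings: one benign, one carrying a shell operator.
  benign    = { 'sendmail_arguments' => '-i -t' }
  malicious = { 'sendmail_arguments' => '-i; id > /tmp/pwned' }
  sender    = 'foreman@example.com'

  puts "unsafe: #{unsafe_sendmail_command(malicious, sender)}"
  puts "shell operators present: #{shell_operators?(unsafe_sendmail_command(malicious, sender))}"
  p safe_sendmail_argv(benign, sender)
  begin
    safe_sendmail_argv(malicious, sender)
  rescue UnsafeMailSetting => e
    puts "rejected: #{e.message}"
  end
end
```

The unsafe builder is only ever rendered as a string here and never executed; the point is that the same string, once passed to a shell-based popen, would run whatever follows the ";". The hardened builder makes the mail binary non-configurable beyond a fixed allowlist, which is the stronger fix compared with merely escaping the value, since escaping still lets a privileged user point delivery at an arbitrary executable.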

References

https://projects.theforeman.org/issues/32753

https://github.com/theforeman/foreman/pull/8599

https://bugzilla.redhat.com/show_bug.cgi?id=1968439

Details

Source: Mitre, NVD

Published: 2021-12-23

Updated: 2022-01-05

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High