CVE-2021-3584 - OpenCVE

A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Satellite
Theforeman	Foreman

Configuration 1 [-]

OR	cpe:2.3:a:theforeman:foreman::::::::
	cpe:2.3:a:theforeman:foreman::::::::
	cpe:2.3:a:theforeman:foreman:3.0.0:rc1::::::
	cpe:2.3:a:theforeman:foreman:3.0.0:rc2::::::

Configuration 2 [-]

cpe:2.3:o:redhat:satellite:6.0:*:*:*:*:*:*:*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1968439	Issue Tracking Third Party Advisory
https://github.com/theforeman/foreman/pull/8599	Issue Tracking Patch Third Party Advisory
https://projects.theforeman.org/issues/32753	Issue Tracking Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2021-12-23T19:48:46

Updated: 2021-12-23T19:48:46

Reserved: 2021-06-07T00:00:00

Link: CVE-2021-3584

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-12-23T20:15:11.533

Modified: 2022-01-05T18:58:25.773

Link: CVE-2021-3584

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"containers": {"cna": {"affected": [{"product": "foreman", "vendor": "n/a", "versions": [{"status": "affected", "version": "foreman 2.4.1, foreman 2.5.1, foreman 3.0.0"}]}], "descriptions": [{"lang": "en", "value": "A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-23T19:48:46", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://projects.theforeman.org/issues/32753"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/theforeman/foreman/pull/8599"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968439"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3584", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "foreman", "version": {"version_data": [{"version_value": "foreman 2.4.1, foreman 2.5.1, foreman 3.0.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-78"}]}]}, "references": {"reference_data": [{"name": "https://projects.theforeman.org/issues/32753", "refsource": "MISC", "url": "https://projects.theforeman.org/issues/32753"}, {"name": "https://github.com/theforeman/foreman/pull/8599", "refsource": "MISC", "url": "https://github.com/theforeman/foreman/pull/8599"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1968439", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968439"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3584", "datePublished": "2021-12-23T19:48:46", "dateReserved": "2021-06-07T00:00:00", "dateUpdated": "2021-12-23T19:48:46", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A8CBA15-7710-462A-822C-3D7D92C717EC", "versionEndExcluding": "2.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA86BC71-CC45-47B5-8364-A5D850C5DBD8", "versionEndExcluding": "2.5.1", "versionStartIncluding": "2.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:theforeman:foreman:3.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7BB531EC-9DDD-4228-BA5F-0F56FBFAD878", "vulnerable": true}, {"criteria": "cpe:2.3:a:theforeman:foreman:3.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "AAC25D55-5406-41B7-9439-E005875203C6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:satellite:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "500C9E01-3373-43EA-AA9B-862B0DD87C6D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota del lado del servidor Foreman project. Un atacante autenticado podr\u00eda usar las opciones de configuraci\u00f3n de Sendmail para sobrescribir los valores predeterminados y llevar a cabo una inyecci\u00f3n de comandos. La mayor amenaza de esta vulnerabilidad es para la confidencialidad, integridad y disponibilidad del sistema. Las versiones corregidas son 2.4.1, 2.5.1 y 3.0.0"}], "id": "CVE-2021-3584", "lastModified": "2022-01-05T18:58:25.773", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-23T20:15:11.533", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968439"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/theforeman/foreman/pull/8599"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://projects.theforeman.org/issues/32753"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "secalert@redhat.com", "type": "Primary"}]}