A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1968439 | Issue Tracking Third Party Advisory |
https://github.com/theforeman/foreman/pull/8599 | Issue Tracking Patch Third Party Advisory |
https://projects.theforeman.org/issues/32753 | Issue Tracking Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2021-12-23T19:48:46
Updated: 2021-12-23T19:48:46
Reserved: 2021-06-07T00:00:00
Link: CVE-2021-3584
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-12-23T20:15:11.533
Modified: 2022-01-05T18:58:25.773
Link: CVE-2021-3584
JSON object: View
Redhat Information
No data.
CWE