CVE-2021-3584

Source
https://cve.org/CVERecord?id=CVE-2021-3584
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3584.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-3584
Downstream
Published
2021-12-23T20:15:11.533Z
Modified
2026-07-08T05:59:45.786472031Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:redhat:satellite:6.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "redhat:satellite",
            "extracted_events": [
                {
                    "introduced": "6.0"
                },
                {
                    "last_affected": "6.0"
                }
            ]
        }
    ]
}
References

Affected packages

Git
github.com/theforeman/foreman

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/foreman
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.4.1"
        },
        {
            "introduced": "2.5.0"
        },
        {
            "fixed": "2.5.1"
        },
        {
            "introduced": "3.0.0-rc1"
        },
        {
            "last_affected": "3.0.0-rc1"
        },
        {
            "introduced": "3.0.0-rc2"
        },
        {
            "last_affected": "3.0.0-rc2"
        }
    ],
    "cpe": [
        "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:theforeman:foreman:3.0.0:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:theforeman:foreman:3.0.0:rc2:*:*:*:*:*:*"
    ]
}

Affected versions

0.*
0.1-1
0.1-2
0.1-3
0.1-4
0.1-5
0.1-6
0.2
0.2rc1
0.3
0.4
0.4rc2
0.4rc3
0.4rc4
0.4rc5
1.*
1.0
1.0RC1
1.0RC2
1.0RC3
1.0RC4
1.0RC5
1.1
1.1RC1
1.1RC2
1.1RC3
1.1RC4
1.1RC5
2.*
2.4.0
2.4.0-rc1
2.4.0-rc2
2.4.0-rc3
2.5.0
3.*
3.0.0-rc1
3.0.0-rc2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3584.json"
github.com/theforeman/foreman-installer

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/foreman-installer
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.4.1"
        },
        {
            "introduced": "2.5.0"
        },
        {
            "fixed": "2.5.1"
        },
        {
            "introduced": "3.0.0-rc1"
        },
        {
            "last_affected": "3.0.0-rc1"
        },
        {
            "introduced": "3.0.0-rc2"
        },
        {
            "last_affected": "3.0.0-rc2"
        }
    ],
    "cpe": [
        "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:theforeman:foreman:3.0.0:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:theforeman:foreman:3.0.0:rc2:*:*:*:*:*:*"
    ]
}

Affected versions

1.*
1.0.1
2.*
2.4.0
2.4.0-rc1
2.4.0-rc2
2.4.0-rc3
2.5.0
3.*
3.0.0-rc1
3.0.0-rc2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3584.json"
github.com/theforeman/smart-proxy

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/smart-proxy
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.4.1"
        },
        {
            "introduced": "2.5.0"
        },
        {
            "fixed": "2.5.1"
        },
        {
            "introduced": "3.0.0-rc1"
        },
        {
            "last_affected": "3.0.0-rc1"
        },
        {
            "introduced": "3.0.0-rc2"
        },
        {
            "last_affected": "3.0.0-rc2"
        }
    ],
    "cpe": [
        "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:theforeman:foreman:3.0.0:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:theforeman:foreman:3.0.0:rc2:*:*:*:*:*:*"
    ]
}

Affected versions

0.*
0.1
0.2
0.2rc2
0.3
1.*
1.0
1.0RC1
1.0RC2
1.1
1.1RC1
1.1RC2
1.1RC3
2.*
2.4.0
2.4.0-rc1
2.4.0-rc2
2.4.0-rc3
2.5.0
3.*
3.0.0-rc1
3.0.0-rc2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3584.json"