CVE-2021-3584

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-3584

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3584.json

Related

• RLSA-2022:5498

Published

2021-12-23T20:15:11Z

Modified

2022-01-05T18:58:25Z

Details

A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.

References

• https://projects.theforeman.org/issues/32753
• https://github.com/theforeman/foreman/pull/8599
• https://bugzilla.redhat.com/show_bug.cgi?id=1968439