CVE-2021-3584

{"id": "CVE-2021-3584", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2021-12-23T20:15:11.533", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968439", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/theforeman/foreman/pull/8599", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://projects.theforeman.org/issues/32753", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota del lado del servidor Foreman project. Un atacante autenticado podr\u00eda usar las opciones de configuraci\u00f3n de Sendmail para sobrescribir los valores predeterminados y llevar a cabo una inyecci\u00f3n de comandos. La mayor amenaza de esta vulnerabilidad es para la confidencialidad, integridad y disponibilidad del sistema. Las versiones corregidas son 2.4.1, 2.5.1 y 3.0.0"}], "lastModified": "2022-01-05T18:58:25.773", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A8CBA15-7710-462A-822C-3D7D92C717EC", "versionEndExcluding": "2.4.1"}, {"criteria": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA86BC71-CC45-47B5-8364-A5D850C5DBD8", "versionEndExcluding": "2.5.1", "versionStartIncluding": "2.5.0"}, {"criteria": "cpe:2.3:a:theforeman:foreman:3.0.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BB531EC-9DDD-4228-BA5F-0F56FBFAD878"}, {"criteria": "cpe:2.3:a:theforeman:foreman:3.0.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAC25D55-5406-41B7-9439-E005875203C6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:satellite:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "500C9E01-3373-43EA-AA9B-862B0DD87C6D"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}