CVE-2021-3584

CVE-2021-3584 PUBLISHED

Reported by redhat · Published December 23, 2021

A server-side remote code execution vulnerability was found in the Foreman project. An authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to the confidentiality, integrity and availability of the system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.

Affected Products

Vendor | Product | Versions
n/a | foreman | foreman 2.4.1, foreman 2.5.1, foreman 3.0.0

Timeline

  • Dec 23, 2021 CVE Published
  • Dec 24, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 16, 2022 EPSS Score
  • Jun 4, 2022 EPSS Score
  • Jul 29, 2022 EPSS Score
  • Sep 21, 2022 EPSS Score
  • Nov 14, 2022 EPSS Score
  • Jan 7, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 25, 2023 EPSS Score
  • Jun 18, 2023 EPSS Score
