{"containers": {"cna": {"affected": [{"product": "foreman", "vendor": "n/a", "versions": [{"status": "affected", "version": "foreman 2.4.1, foreman 2.5.1, foreman 3.0.0"}]}], "descriptions": [{"lang": "en", "value": "A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-23T19:48:46", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://projects.theforeman.org/issues/32753"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/theforeman/foreman/pull/8599"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968439"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3584", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "foreman", "version": {"version_data": [{"version_value": "foreman 2.4.1, foreman 2.5.1, foreman 3.0.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-78"}]}]}, "references": {"reference_data": [{"name": "https://projects.theforeman.org/issues/32753", "refsource": "MISC", "url": "https://projects.theforeman.org/issues/32753"}, {"name": "https://github.com/theforeman/foreman/pull/8599", "refsource": "MISC", "url": "https://github.com/theforeman/foreman/pull/8599"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1968439", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968439"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:01:07.414Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://projects.theforeman.org/issues/32753"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/theforeman/foreman/pull/8599"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968439"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3584", "datePublished": "2021-12-23T19:48:46", "dateReserved": "2021-06-07T00:00:00", "dateUpdated": "2024-08-03T17:01:07.414Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A8CBA15-7710-462A-822C-3D7D92C717EC", "versionEndExcluding": "2.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA86BC71-CC45-47B5-8364-A5D850C5DBD8", "versionEndExcluding": "2.5.1", "versionStartIncluding": "2.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:theforeman:foreman:3.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7BB531EC-9DDD-4228-BA5F-0F56FBFAD878", "vulnerable": true}, {"criteria": "cpe:2.3:a:theforeman:foreman:3.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "AAC25D55-5406-41B7-9439-E005875203C6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:satellite:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "500C9E01-3373-43EA-AA9B-862B0DD87C6D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota del lado del servidor Foreman project. Un atacante autenticado podr\u00eda usar las opciones de configuraci\u00f3n de Sendmail para sobrescribir los valores predeterminados y llevar a cabo una inyecci\u00f3n de comandos. La mayor amenaza de esta vulnerabilidad es para la confidencialidad, integridad y disponibilidad del sistema. Las versiones corregidas son 2.4.1, 2.5.1 y 3.0.0"}], "id": "CVE-2021-3584", "lastModified": "2022-01-05T18:58:25.773", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-23T20:15:11.533", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968439"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/theforeman/foreman/pull/8599"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://projects.theforeman.org/issues/32753"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"acknowledgement": "Upstream acknowledges Jakub Heba (AFINE) as the original reporter.", "affected_release": [{"advisory": "RHSA-2022:5498", "cpe": "cpe:/a:redhat:satellite:6.11::el7", "impact": "moderate", "package": "foreman-0:3.1.1.21-2.el7sat", "product_name": "Red Hat Satellite 6.11 for RHEL 7", "release_date": "2022-07-05T00:00:00Z"}, {"advisory": "RHSA-2022:5498", "cpe": "cpe:/a:redhat:satellite_capsule:6.11::el7", "impact": "moderate", "package": "foreman-0:3.1.1.21-2.el7sat", "product_name": "Red Hat Satellite 6.11 for RHEL 7", "release_date": "2022-07-05T00:00:00Z"}, {"advisory": "RHSA-2022:5498", "cpe": "cpe:/a:redhat:satellite:6.11::el8", "impact": "moderate", "package": "foreman-0:3.1.1.21-2.el8sat", "product_name": "Red Hat Satellite 6.11 for RHEL 8", "release_date": "2022-07-05T00:00:00Z"}, {"advisory": "RHSA-2022:5498", "cpe": "cpe:/a:redhat:satellite_capsule:6.11::el8", "impact": "moderate", "package": "foreman-0:3.1.1.21-2.el8sat", "product_name": "Red Hat Satellite 6.11 for RHEL 8", "release_date": "2022-07-05T00:00:00Z"}], "bugzilla": {"description": "foreman: Authenticate remote code execution through Sendmail configuration", "id": "1968439", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968439"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-78", "details": ["A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.", "A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system."], "mitigation": {"lang": "en:us", "value": "This vulnerability can be mitigated by setting following two values in `/etc/foreman/settings.yaml` file which will render them read-only from the application: \n:sendmail_location: '/usr/sbin/sendmail'\n:sendmail_arguments: '-i'"}, "name": "CVE-2021-3584", "public_date": "2021-06-16T14:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3584\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3584"], "threat_severity": "Moderate", "upstream_fix": "foreman 2.4.1, foreman 2.5.1, foreman 3.0.0"}