CVE-2021-3584 - AskarLabs CVE Database

CVE-2021-3584

Vendor N/A

Product foreman

Weakness CWE-78

Published December 23, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.

Key dates

02Disclosure timeline

December 23, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-3584

Related vulnerabilities

04Related CVE

CVE-2013-10053 ZPanel <= 10.0.0.2 htpasswd Module Username Command Execution CVE-2021-33554 UDP Technology/Geutebrück camera devices: Command injection in appfile.filename parameter leading to RCE CVE-2023-20021 Cisco Identity Services Engine Privilege Escalation Vulnerabilities CVE-2020-7351 Fonality Trixbox CE Post-Authentication Command Injection CVE-2025-11138 mirweiye wenkucms common.php createPathOne os command injection