关键信息 漏洞编号: CVE-2021-3589 漏洞描述: authenticated user can access host through job_template 报告时间: 2021-06-08 05:49 UTC 修改时间: 2023-07-07 08:31 UTC 关键词: Security 状态: NEW 产品: Security Response 组件: vulnerability 版本: unspecified 硬件: All 操作系统: Linux 优先级: medium 严重性: medium 描述: An attacker with elevated privileges can utilize Ansible functions to carry out actions as the Foreman-proxy user on the system. 相关备注: Looks like foreman_ansible introduced REX and job_templates in foreman_ansible-2.0.0 onward. 备注链接: https://github.com/theforeman/foreman_ansible/commit/a5e0827bc3ec6c8ab82f968907857a15646305d5 复杂性: The complexity of performing this attack is not within the attacker's control and privilege required evaluated is high. 管理员特权: The administrator of Foreman must grant the attacker administrative-equivalent privileges to create or modify job templates (PR:H). However, even if the attacker has the necessary access, they still need to have at least two host machines deployed and added to Foreman, and have access to the first host to gain access to the second in order to achieve remote code execution on the machine (AC:H).