{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-3978","assignerOrgId":"a22f1246-ba21-4bb4-a601-ad51614c1513","state":"PUBLISHED","assignerShortName":"cloudflare","dateReserved":"2021-11-18T20:10:42.977Z","datePublished":"2025-01-29T10:00:53.237Z","dateUpdated":"2025-02-12T16:03:40.405Z"},"containers":{"cna":{"affected":[{"collectionURL":"https://github.com/cloudflare/cfrpki/cmd/octorpki","defaultStatus":"unaffected","packageName":"octorpki","platforms":["Go"],"product":"octorpki","vendor":"Cloudflare","versions":[{"lessThan":"v1.4.2","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Ties de Kock"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"When copying files with rsync, octorpki uses the \"-a\" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root (<a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service\">https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service</a>) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation."}],"value":"When copying files with rsync, octorpki uses the \"-a\" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root ( https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service ) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation."}],"impacts":[{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233 Privilege Escalation"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-269","description":"CWE-269 Improper Privilege Management","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"a22f1246-ba21-4bb4-a601-ad51614c1513","shortName":"cloudflare","dateUpdated":"2025-01-29T10:00:53.237Z"},"references":[{"url":"https://github.com/cloudflare/cfrpki/security/advisories/GHSA-3pqh-p72c-fj85"}],"source":{"advisory":"GHSA-3pqh-p72c-fj85","discovery":"EXTERNAL"},"title":"Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-29T14:19:06.799392Z","id":"CVE-2021-3978","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-12T16:03:40.405Z"}}]}}