CVE-2021-3978Improper Privilege Management in Octorpki

CWE-269Improper Privilege ManagementCWE-281Improper Preservation of Permissions7 documents5 sources
Severity
5.5MEDIUMNVD
CNA7.5
EPSS
0.1%
top 78.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cloudflare OctorpkiGithub.com Cloudflare Cfrpki
Timeline
PublishedJan 29

Description

When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root ( https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service ) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5cloudflare/octorpki< v1.4.2
NVDcloudflare/octorpki< 1.4.2

🔴Vulnerability Details

5
OSV
CVE-2021-3978: When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root2025-01-29
CVEList
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki2025-01-29
OSV
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki in github.com/cloudflare/cfrpki2024-08-21
OSV
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki2021-11-19
GHSA
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki2021-11-19

📋Vendor Advisories

1
Debian
CVE-2021-3978: cfrpki - When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync...2021
CVE-2021-3978 — Improper Privilege Management | cvebase