
CVE-2021-3978 github.com/cloudflare/cfrpki

Package

Manager: go
Name: github.com/cloudflare/cfrpki
Vulnerable Version: >=0 <1.4.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.00017 (percentile 0.02636)

Details

Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki

Impact

When copying files with rsync, octorpki uses the "-a" (archive) flag. Archive mode preserves the mode bits of fetched files, including the setuid bit, and, because the provided service definition defaults to running octorpki as root (https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service), it preserves file ownership as well. A setuid binary served by a repository can therefore land on disk as a root-owned setuid executable. Combined with another vulnerability that causes octorpki to process a malicious TAL file, this could provide a vector for local privilege escalation.

For more information

If you have any questions or comments about this advisory, email security@cloudflare.com.
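The following is an added example written for this page; it is not code from cfrpki and does not show the project's actual fix. It contrasts the rsync invocation the advisory describes ("-a" alone) with a hardened argument list that appends rsync's documented "--no-perms" option (an illustrative mitigation, assumed here), and adds a post-copy guard that scans a fetched cache for files carrying setuid/setgid bits and strips them. The cache layout, repository URL and the setuid file it creates are constructed for the demo.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// PrivilegedBits are mode bits that must never appear on fetched RPKI objects:
// certificates, ROAs, manifests and CRLs are data, never executables.
const PrivilegedBits = os.ModeSetuid | os.ModeSetgid

// RsyncArgs builds the argument list for fetching src into dst.
// hardened=false mirrors the advisory: "-a" expands to "-rlptgoD", so "-p"
// keeps the remote mode bits (setuid included) and "-o"/"-g" keep ownership
// when rsync runs as root. hardened=true adds "--no-perms" (rsync's negation
// of -p) so the local umask decides the mode. This is an assumed illustrative
// mitigation, not the flag set the project itself adopted.
func RsyncArgs(src, dst string, hardened bool) []string {
	args := []string{"-a"}
	if hardened {
		args = append(args, "--no-perms")
	}
	return append(args, src, dst)
}

// FindPrivileged walks root and returns, relative to root, every regular file
// carrying a setuid or setgid bit. Useful as an audit over an existing cache.
func FindPrivileged(root string) ([]string, error) {
	var hits []string
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if !d.Type().IsRegular() {
			return nil // directories, symlinks and special files are skipped
		}
		info, err := d.Info()
		if err != nil {
			return err
		}
		if info.Mode()&PrivilegedBits != 0 {
			rel, _ := filepath.Rel(root, path)
			hits = append(hits, rel)
		}
		return nil
	})
	return hits, err
}

// StripPrivileged clears setuid/setgid on every regular file under root and
// returns the files it changed. Run it after each rsync pass as a second line
// of defence in case the rsync flags are ever relaxed again.
func StripPrivileged(root string) ([]string, error) {
	hits, err := FindPrivileged(root)
	if err != nil {
		return nil, err
	}
	for _, rel := range hits {
		path := filepath.Join(root, rel)
		info, err := os.Stat(path)
		if err != nil {
			return nil, err
		}
		if err := os.Chmod(path, info.Mode()&^PrivilegedBits); err != nil {
			return nil, err
		}
	}
	return hits, nil
}

func main() {
	// Constructed demo: a cache holding one file that a malicious repository
	// served with mode 4755, the situation the advisory describes.
	cache, err := os.MkdirTemp("", "rpki-cache")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(cache)
	bad := filepath.Join(cache, "rsync", "rpki.example", "repo", "helper")
	if err := os.MkdirAll(filepath.Dir(bad), 0o755); err != nil {
		panic(err)
	}
	if err := os.WriteFile(bad, []byte("#!/bin/sh\nid\n"), 0o755); err != nil {
		panic(err)
	}
	if err := os.Chmod(bad, 0o755|os.ModeSetuid); err != nil {
		panic(err)
	}

	fmt.Println("vulnerable:", RsyncArgs("rsync://rpki.example/repo/", cache, false))
	fmt.Println("hardened:  ", RsyncArgs("rsync://rpki.example/repo/", cache, true))
	before, _ := FindPrivileged(cache)
	fmt.Println("privileged before:", before)
	changed, _ := StripPrivileged(cache)
	fmt.Println("stripped:", changed)
	after, _ := FindPrivileged(cache)
	fmt.Println("privileged after:", after)
}
```

The scan only looks at mode bits; it does not validate the objects themselves. It is a guard against the specific failure the advisory names (executable permission bits surviving the copy), and belongs alongside, not instead of, running the fetcher as an unprivileged user.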

Metadata

Created: 2021-11-19T19:34:26Z
Modified: 2025-01-29T16:56:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-3pqh-p72c-fj85/GHSA-3pqh-p72c-fj85.json
CWE IDs: ["CWE-269", "CWE-281"]
Alternative ID: GHSA-3pqh-p72c-fj85
Finding: F159
Auto approve: 1