{"vulnerability": "GHSA-3PQH-P72C-FJ85", "sightings": [{"uuid": "68f61d59-66af-45f2-89e4-adddf9ac0a65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-3pqh-p72c-fj85", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113911088253196556", "content": "", "creation_timestamp": "2025-01-29T10:07:48.057302Z"}, {"uuid": "35ff61a5-170d-4738-a653-e6bf9b349c93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-3PQH-P72C-FJ85", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3372", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-3978\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-29T10:15:07.750\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://github.com/cloudflare/cfrpki/security/advisories/GHSA-3pqh-p72c-fj85", "creation_timestamp": "2025-01-29T11:18:14.000000Z"}, {"uuid": "d2df7c3d-104c-407d-a8be-b83d2e4242b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-3PQH-P72C-FJ85", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3376", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-3978\n\ud83d\udd25 CVSS Score: 8.3 (CVSS_V3)\n\ud83d\udd39 Description: ### Impact\n\nWhen copying files with rsync, octorpki uses the \"-a\" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root (https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation.  \n\n## For more information\n\nIf you have any questions or comments about this advisory email us at security@cloudflare.com\n\ud83d\udccf Published: 2021-11-19T19:34:26Z\n\ud83d\udccf Modified: 2025-01-29T16:56:35Z\n\ud83d\udd17 References:\n1. https://github.com/cloudflare/cfrpki/security/advisories/GHSA-3pqh-p72c-fj85\n2. https://nvd.nist.gov/vuln/detail/CVE-2021-3978\n3. https://github.com/cloudflare/cfrpki", "creation_timestamp": "2025-01-29T17:11:10.000000Z"}]}