CVE-2022-3874

A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2022-3874	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2140577	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:satellite:6.0:::::::*
	cpe:2.3:a:theforeman:foreman:-:::::::*

History

26 Sep 2023, 13:49

Type	Values Removed	Values Added
CPE		cpe:2.3:a:redhat:satellite:6.0:::::::* cpe:2.3:a:theforeman:foreman:-:::::::*
CWE		CWE-78
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.1
First Time		Theforeman foreman Redhat satellite Redhat Theforeman
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2140577 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2140577 - Issue Tracking, Vendor Advisory
References	~~(MISC) https://access.redhat.com/security/cve/CVE-2022-3874 -~~	(MISC) https://access.redhat.com/security/cve/CVE-2022-3874 - Vendor Advisory

22 Sep 2023, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-22 14:15

Updated : 2023-12-10 15:14

NVD link : CVE-2022-3874

Mitre link : CVE-2022-3874

CVE.ORG link : CVE-2022-3874

JSON object : View

Products Affected

theforeman

foreman

redhat

satellite

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2022-3874", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.3}]}, "published": "2023-09-22T14:15:44.943", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2022-3874", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140577", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system."}, {"lang": "es", "value": "Se encontr\u00f3 falla en inyecci\u00f3n de comando en capataz. Esta falla permite a un usuario autenticado con privilegios de administrador en la instancia de foreman transpilar comandos a trav\u00e9s de configuraciones de CoreOS y Fedora CoreOS en plantillas, lo que posiblemente resulte en la ejecuci\u00f3n de comandos arbitrarios en el sistema operativo subyacente."}], "lastModified": "2023-11-07T03:51:54.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "848C92A9-0677-442B-8D52-A448F2019903"}, {"criteria": "cpe:2.3:a:theforeman:foreman:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD7E727C-BF9F-4A86-BCBE-1CE6E1108181"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}