An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2023:4466 | Release Notes Third Party Advisory |
https://access.redhat.com/security/cve/CVE-2023-0118 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2159291 | Issue Tracking Third Party Advisory |
Configurations
History
22 Sep 2023, 23:10
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 | |
First Time |
Theforeman foreman
Theforeman Redhat satellite Redhat Redhat enterprise Linux |
|
CPE | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:* |
|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2159291 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:4466 - Release Notes, Third Party Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-0118 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
20 Sep 2023, 14:25
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-20 14:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-0118
Mitre link : CVE-2023-0118
CVE.ORG link : CVE-2023-0118
JSON object : View
Products Affected
theforeman
- foreman
redhat
- satellite
- enterprise_linux
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')