Untriaged
CVE-2023-0118
9.1 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Foreman: arbitrary code execution through templates
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
References
- RHSA-2023:4466 x_refsource_REDHAT vendor-advisory
- RHSA-2023:5979 x_refsource_REDHAT vendor-advisory
- RHSA-2023:5980 x_refsource_REDHAT vendor-advisory
- RHSA-2023:6818 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-0118 x_refsource_REDHAT vdb-entry
- RHBZ#2159291 issue-tracking x_refsource_REDHAT
Affected products
foreman
- *
rubygem-safemode
- *
Package maintainers
- @zimbatm zimbatm <zimbatm@zimbatm.com>