Untriaged
Permalink
CVE-2023-0462
8.0 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Arbitrary code execution through yaml global parameters
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.
References
- https://access.redhat.com/security/cve/CVE-2023-0462 x_refsource_REDHAT vdb-entry
- RHBZ#2162970 issue-tracking x_refsource_REDHAT
- RHBZ#2162970 issue-tracking x_refsource_REDHAT x_transferred
- https://access.redhat.com/security/cve/CVE-2023-0462 x_refsource_REDHAT vdb-entry x_transferred
- https://access.redhat.com/security/cve/CVE-2023-0462 x_refsource_REDHAT vdb-entry
- RHBZ#2162970 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2023-0462 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2162970 issue-tracking x_refsource_REDHAT x_transferred
Affected products
foreman
Package maintainers
-
@zimbatm zimbatm <zimbatm@zimbatm.com>