Untriaged
CVE-2022-3874
8.0 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
OS command injection via ct_command and fcct_command
A command injection flaw was found in Foreman. This flaw allows an authenticated user with admin privileges on the Foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.
References
- https://access.redhat.com/security/cve/CVE-2022-3874 x_refsource_REDHAT vdb-entry
- RHBZ#2140577 issue-tracking x_refsource_REDHAT
- RHBZ#2140577 issue-tracking x_refsource_REDHAT x_transferred
- https://access.redhat.com/security/cve/CVE-2022-3874 x_refsource_REDHAT vdb-entry x_transferred
Affected products
foreman
Package maintainers
- @zimbatm zimbatm <zimbatm@zimbatm.com>