CVE-2023-0118

2023-09-2014:15:12

CWE-78

[email protected]

web.nvd.nist.gov

foreman

safe mode

code execution

admin user

templates

operating system

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

53.0%

JSON

An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.

Affected configurations

Nvd

Node

theforemanforeman

Node

redhatsatelliteRange6.13–6.13.3

AND

redhatenterprise_linuxMatch8.0

VendorProductVersionCPE
theforemanforeman*cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*
redhatsatellite*cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
theforeman	foreman	*	cpe:2.3:a:theforeman:foreman::::::::
redhat	satellite	*	cpe:2.3:a:redhat:satellite::::::::
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*