CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

EPSS Percentile: 98.4%

Red Hat Satellite is a system management solution that allows organizations to
configure and maintain their systems without the necessity to provide public
Internet access to their servers or other client systems. It performs
provisioning and configuration management of predefined standard operating
environments.

Security fix(es):

* foreman: Arbitrary code execution through templates
* foreman: Satellite/Foreman: Arbitrary code execution through yaml global parameters
* foreman: OS command injection via ct_command and fcct_command
* puppet-agent for Satellite and Capsule: various flaws
* tfm-rubygem-git: ruby-git: code injection vulnerability
* rubygem-git: ruby-git: code injection vulnerability
* yggdrasil-worker-forwarder: various flaws

This update fixes the following bugs:
2159656 - CVE-2023-0118 foreman: Arbitrary code execution through templates [rhn_satellite_6.12]
2163524 - CVE-2023-0462 foreman: Satellite/Foreman: Arbitrary code execution through yaml global parameters [rhn_satellite_6.12]
2163694 - CVE-2022-3874 foreman: OS command injection via ct_command and fcct_command [rhn_satellite_6.12]
2242354 - CVE-2022-1292 CVE-2022-2068 puppet-agent for Satellite and Capsule: various flaws [rhn_satellite_6.12]
2242359 - CVE-2022-47318 tfm-rubygem-git: ruby-git: code injection vulnerability [rhn_satellite_6.12]
2242362 - CVE-2022-46648 rubygem-git: ruby-git: code injection vulnerability [rhn_satellite_6.12]
2243833 - [Major Incident] CVE-2023-39325 CVE-2023-44487 yggdrasil-worker-forwarder: various flaws [rhn_satellite_6.12]
Users of Red Hat Satellite are advised to upgrade to these updated packages,
which fix these bugs.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 8 | noarch | foreman-vmware | < 3.3.0.23-1.el8sat | foreman-vmware-3.3.0.23-1.el8sat.noarch.rpm |
RedHat | 8 | noarch | foreman-journald | < 3.3.0.23-1.el8sat | foreman-journald-3.3.0.23-1.el8sat.noarch.rpm |
RedHat | 8 | noarch | foreman-dynflow-sidekiq | < 3.3.0.23-1.el8sat | foreman-dynflow-sidekiq-3.3.0.23-1.el8sat.noarch.rpm |
RedHat | 8 | noarch | satellite-capsule | < 6.12.5.2-1.el8sat | satellite-capsule-6.12.5.2-1.el8sat.noarch.rpm |
RedHat | 8 | noarch | foreman | < 3.3.0.23-1.el8sat | foreman-3.3.0.23-1.el8sat.noarch.rpm |
RedHat | 8 | noarch | rubygem-git | < 1.18.0-1.el8sat | rubygem-git-1.18.0-1.el8sat.noarch.rpm |
RedHat | 8 | noarch | foreman-postgresql | < 3.3.0.23-1.el8sat | foreman-postgresql-3.3.0.23-1.el8sat.noarch.rpm |
RedHat | 8 | noarch | foreman-libvirt | < 3.3.0.23-1.el8sat | foreman-libvirt-3.3.0.23-1.el8sat.noarch.rpm |
RedHat | 8 | x86_64 | puppet-agent | < 7.26.0-3.el8sat | puppet-agent-7.26.0-3.el8sat.x86_64.rpm |
RedHat | 8 | noarch | foreman-ovirt | < 3.3.0.23-1.el8sat | foreman-ovirt-3.3.0.23-1.el8sat.noarch.rpm |