CVE-2023-0118
Foreman: arbitrary code execution through templates
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected products
foremanRed Hat · Red Hat Satellite 6.11 for RHEL 7Red Hat · Red Hat Satellite 6.11 for RHEL 8Red Hat · Red Hat Satellite 6.12 for RHEL 8Red Hat · Red Hat Satellite 6.13 for RHEL 8Red Hat · Red Hat Satellite 6.14 for RHEL 8Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://access.redhat.com/errata/RHSA-2023:4466https://access.redhat.com/errata/RHSA-2023:5979https://access.redhat.com/errata/RHSA-2023:5980https://access.redhat.com/errata/RHSA-2023:6818https://access.redhat.com/security/cve/CVE-2023-0118https://bugzilla.redhat.com/show_bug.cgi?id=2159291