CVE-2023-0118
Foreman: arbitrary code execution through templates
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Productos afectados
foremanRed Hat · Red Hat Satellite 6.11 for RHEL 7Red Hat · Red Hat Satellite 6.11 for RHEL 8Red Hat · Red Hat Satellite 6.12 for RHEL 8Red Hat · Red Hat Satellite 6.13 for RHEL 8Red Hat · Red Hat Satellite 6.14 for RHEL 8¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://access.redhat.com/errata/RHSA-2023:4466https://access.redhat.com/errata/RHSA-2023:5979https://access.redhat.com/errata/RHSA-2023:5980https://access.redhat.com/errata/RHSA-2023:6818https://access.redhat.com/security/cve/CVE-2023-0118https://bugzilla.redhat.com/show_bug.cgi?id=2159291