CVE-2023-0462

CWE-94 — Code Injection4 documents4 sources

Severity

9.1CRITICAL

EPSS

0.1%

top 75.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Theforeman Foreman Redhat Satellite

Timeline

PublishedSep 20

Description

An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.3 | Impact: 6.0

Affected Packages2 packages

▶NVDtheforeman/foreman< 3.8.0

▶NVDredhat/satellite

🔴Vulnerability Details

GHSA

GHSA-6c26-fwvj-8945: An arbitrary code execution flaw was found in Foreman↗2023-09-20

▶

CVEList

Arbitrary code execution through yaml global parameters↗2023-09-20

▶

📋Vendor Advisories

Red Hat

Satellite/Foreman: Arbitrary code execution through yaml global parameters↗2023-03-21

▶