CVE-2023-0118

An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2023:4466	Release Notes Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5979
https://access.redhat.com/errata/RHSA-2023:5980
https://access.redhat.com/errata/RHSA-2023:6818
https://access.redhat.com/security/cve/CVE-2023-0118	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2159291	Issue Tracking Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:4466	Release Notes Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5979
https://access.redhat.com/errata/RHSA-2023:5980
https://access.redhat.com/errata/RHSA-2023:6818
https://access.redhat.com/security/cve/CVE-2023-0118	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2159291	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-09-20 14:15

Updated : 2024-11-21 07:36

NVD link : CVE-2023-0118

Mitre link : CVE-2023-0118

CVE.ORG link : CVE-2023-0118

JSON object : View

Products Affected

theforeman

foreman

redhat

enterprise_linux
satellite

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2023-0118", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2023-09-20T14:15:12.827", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:4466", "tags": ["Release Notes", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2023:5979", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2023:5980", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2023:6818", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-0118", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2023:4466", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2023:5979", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2023:5980", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2023:6818", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-0118", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en la ejecuci\u00f3n de c\u00f3digo arbitrario en Foreman. Esta falla permite a un usuario administrador omitir el modo seguro en las plantillas y ejecutar c\u00f3digo arbitrario en el sistema operativo subyacente."}], "lastModified": "2024-11-21T07:36:35.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C66A3AE-183C-49B6-9B8A-53BB90AFBDCF"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88D8026B-94E6-4B69-AEEB-7A1B26D1153C", "versionEndExcluding": "6.13.3", "versionStartIncluding": "6.13"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}