CVE-2023-0462

An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8 HIGH
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
redhatCNA
8 HIGH
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
theforemanforeman
𝑥
< 3.8.0
redhatsatellite
6.0 ≤
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2023-0462
https://bugzilla.redhat.com/show_bug.cgi?id=2162970
https://access.redhat.com/security/cve/CVE-2023-0462
https://bugzilla.redhat.com/show_bug.cgi?id=2162970