CVE-2023-0118

Advisory lineage Upstream: 0 Downstream: 4

Downstream

RHSA-2023:4466 RHSA-2023:5979 RHSA-2023:5980 RHSA-2023:6818

Modified

Published: 20 Sept 2023, 13:39

Last modified:17 Sept 2024, 13:51

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.1 CRITICAL

v3.1 (cve.org)

EPSS Score

0.04% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

20 Sept 2023, 13:39

Published

Vulnerability first disclosed

17 Sept 2024, 13:51

Last Modified

Vulnerability information updated

Description

An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.

CVSS Metrics

v3.1•CRITICAL•Score: 9.1CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.04%• Percentile: 12%

Techniques & Countermeasures

CWE-78•Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Affected Systems

redhat•satellite
≥ 6.13, < 6.13.3