A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.
History

Thu, 10 Apr 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat satellite Utils
CPEs cpe:/a:redhat:satellite_utils:6.12::el8
cpe:/a:redhat:satellite_utils:6.13::el8
cpe:/a:redhat:satellite_utils:6.14::el8
Vendors & Products Redhat satellite Utils

Tue, 24 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-09-24T15:01:27.145Z

Reserved: 2022-11-07T10:05:50.045Z

Link: CVE-2022-3874

cve-icon Vulnrichment

Updated: 2024-08-03T01:20:58.805Z

cve-icon NVD

Status : Modified

Published: 2023-09-22T14:15:44.943

Modified: 2024-11-21T07:20:24.737

Link: CVE-2022-3874

cve-icon Redhat

Severity : Important

Publid Date: 2023-04-19T00:00:00Z

Links: CVE-2022-3874 - Bugzilla