A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2023-09-22T13:56:54.314Z
Updated: 2024-08-03T01:20:58.805Z
Reserved: 2022-11-07T10:05:50.045Z
Link: CVE-2022-3874
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-09-22T14:15:44.943
Modified: 2023-11-07T03:51:54.520
Link: CVE-2022-3874
Redhat