CVE-2023-0118 - Vulnerability Details

- Foreman: arbitrary code execution through templates

Description

An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.

Published: 2023-09-20

Score: 9.1 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

affected —

Red Hat

Red Hat Satellite 6.11 for RHEL 7

affected

Version	Status	Constraints
`0:3.1.1.27-1.el7sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.11 for RHEL 7

affected

Version	Status	Constraints
`0:3.1.1.27-1.el7sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.11 for RHEL 8

affected

Version	Status	Constraints
`0:3.1.1.27-1.el8sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.11 for RHEL 8

affected

Version	Status	Constraints
`0:3.1.1.27-1.el8sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.12 for RHEL 8

affected

Version	Status	Constraints
`0:1.3.8-1.el8sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.13 for RHEL 8

affected

Version	Status	Constraints
`0:1.3.8-1.el8sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.14 for RHEL 8

affected

Version	Status	Constraints
`0:3.7.0.9-1.el8sat`	unaffected	< *

Red Hat

Red Hat Satellite 6.14 for RHEL 8

affected

Version	Status	Constraints
`0:3.7.0.9-1.el8sat`	unaffected	< *

Configuration 1 [-]

cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Satellite 6.11 for RHEL 7
foreman-0:3.1.1.27-1.el7sat	cpe:/a:redhat:satellite:6.11::el7	RHSA-2023:5980	2023-10-20T00:00:00Z
foreman-0:3.1.1.27-1.el7sat	cpe:/a:redhat:satellite_capsule:6.11::el7	RHSA-2023:5980	2023-10-20T00:00:00Z
foreman-0:3.1.1.27-1.el7sat	cpe:/a:redhat:satellite_utils:6.11::el7	RHSA-2023:5980	2023-10-20T00:00:00Z
Red Hat Satellite 6.11 for RHEL 8
foreman-0:3.1.1.27-1.el8sat	cpe:/a:redhat:satellite:6.11::el8	RHSA-2023:5980	2023-10-20T00:00:00Z
foreman-0:3.1.1.27-1.el8sat	cpe:/a:redhat:satellite_capsule:6.11::el8	RHSA-2023:5980	2023-10-20T00:00:00Z
foreman-0:3.1.1.27-1.el8sat	cpe:/a:redhat:satellite_utils:6.11::el8	RHSA-2023:5980	2023-10-20T00:00:00Z
Red Hat Satellite 6.12 for RHEL 8
rubygem-safemode-0:1.3.8-1.el8sat	cpe:/a:redhat:satellite:6.12::el8	RHSA-2023:5979	2023-10-20T00:00:00Z
Red Hat Satellite 6.13 for RHEL 8
rubygem-safemode-0:1.3.8-1.el8sat	cpe:/a:redhat:satellite:6.13::el8	RHSA-2023:4466	2023-08-03T00:00:00Z
Red Hat Satellite 6.14 for RHEL 8
foreman-0:3.7.0.9-1.el8sat	cpe:/a:redhat:satellite:6.14::el8	RHSA-2023:6818	2023-11-08T00:00:00Z
foreman-0:3.7.0.9-1.el8sat	cpe:/a:redhat:satellite_capsule:6.14::el8	RHSA-2023:6818	2023-11-08T00:00:00Z
foreman-0:3.7.0.9-1.el8sat	cpe:/a:redhat:satellite_utils:6.14::el8	RHSA-2023:6818	2023-11-08T00:00:00Z

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-12208	An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00039.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://access.redhat.com/errata/RHSA-2023:4466
https://access.redhat.com/errata/RHSA-2023:5979
https://access.redhat.com/errata/RHSA-2023:5980
https://access.redhat.com/errata/RHSA-2023:6818
https://access.redhat.com/security/cve/CVE-2023-0118
https://bugzilla.redhat.com/show_bug.cgi?id=2159291
https://nvd.nist.gov/vuln/detail/CVE-2023-0118
https://www.cve.org/CVERecord?id=CVE-2023-0118

History

Wed, 18 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Redhat Enterprise Linux Satellite Satellite Capsule Satellite Maintenance Satellite Utils

Theforeman Foreman

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-09-20T13:39:27.756Z

Updated: 2024-09-17T13:51:28.373Z

Reserved: 2023-01-09T13:21:05.016Z

Link: CVE-2023-0118

Vulnrichment

Updated: 2024-08-02T05:02:43.821Z

NVD

Status : Modified

Published: 2023-09-20T14:15:12.827

Modified: 2024-11-21T07:36:35.247

Link: CVE-2023-0118

Redhat

Severity : Important

Publid Date: 2023-03-12T00:00:00Z

Links: CVE-2023-0118 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-78

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object