{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0462", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-01-24T12:05:40.039Z", "datePublished": "2023-09-20T13:40:43.213Z", "dateUpdated": "2024-08-02T05:10:56.254Z"}, "containers": {"cna": {"title": "Arbitrary code execution through yaml global parameters", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload."}], "affected": [{"product": "foreman", "vendor": "n/a", "defaultStatus": "affected"}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:satellite:6"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-0462", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162970", "name": "RHBZ#2162970", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2023-03-21T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "timeline": [{"lang": "en", "time": "2022-12-21T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-03-21T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Andrew Danau (Onsec.io) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-09-20T13:40:43.213Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:10:56.254Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-0462", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162970", "name": "RHBZ#2162970", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*", "matchCriteriaId": "13E27457-9E93-45C1-907F-7E5852B4FD1F", "versionEndExcluding": "3.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF9AC67-8BDC-4B5E-B5A0-B9232033361B", "versionStartIncluding": "6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en la ejecuci\u00f3n de c\u00f3digo arbitrario en Foreman. Este problema puede permitir que un usuario administrador ejecute c\u00f3digo arbitrario en el sistema operativo subyacente estableciendo par\u00e1metros globales con un payload YAML."}], "id": "CVE-2023-0462", "lastModified": "2023-11-07T04:00:31.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 6.0, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2023-09-20T14:15:12.990", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-0462"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162970"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Andrew Danau (Onsec.io) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2023:5980", "cpe": "cpe:/a:redhat:satellite:6.11::el7", "package": "foreman-0:3.1.1.27-1.el7sat", "product_name": "Red Hat Satellite 6.11 for RHEL 7", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5980", "cpe": "cpe:/a:redhat:satellite_capsule:6.11::el7", "package": "foreman-0:3.1.1.27-1.el7sat", "product_name": "Red Hat Satellite 6.11 for RHEL 7", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5980", "cpe": "cpe:/a:redhat:satellite:6.11::el8", "package": "foreman-0:3.1.1.27-1.el8sat", "product_name": "Red Hat Satellite 6.11 for RHEL 8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5980", "cpe": "cpe:/a:redhat:satellite_capsule:6.11::el8", "package": "foreman-0:3.1.1.27-1.el8sat", "product_name": "Red Hat Satellite 6.11 for RHEL 8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5979", "cpe": "cpe:/a:redhat:satellite:6.12::el8", "package": "foreman-0:3.3.0.23-1.el8sat", "product_name": "Red Hat Satellite 6.12 for RHEL 8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5979", "cpe": "cpe:/a:redhat:satellite_capsule:6.12::el8", "package": "foreman-0:3.3.0.23-1.el8sat", "product_name": "Red Hat Satellite 6.12 for RHEL 8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5931", "cpe": "cpe:/a:redhat:satellite:6.13::el8", "package": "foreman-0:3.5.1.23-1.el8sat", "product_name": "Red Hat Satellite 6.13 for RHEL 8", "release_date": "2023-10-19T00:00:00Z"}, {"advisory": "RHSA-2023:5931", "cpe": "cpe:/a:redhat:satellite_capsule:6.13::el8", "package": "foreman-0:3.5.1.23-1.el8sat", "product_name": "Red Hat Satellite 6.13 for RHEL 8", "release_date": "2023-10-19T00:00:00Z"}], "bugzilla": {"description": "Satellite/Foreman: Arbitrary code execution through yaml global parameters", "id": "2162970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162970"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-94", "details": ["An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.", "An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload."], "name": "CVE-2023-0462", "public_date": "2023-03-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-0462\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0462"], "threat_severity": "Important", "upstream_fix": "foreman 3.8.0"}