CVE-2023-0118

Summary

An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Satellite 6.11 for RHEL 70:3.1.1.27-1.el7sat < *unaffected
Red HatRed Hat Satellite 6.11 for RHEL 70:3.1.1.27-1.el7sat < *unaffected
Red HatRed Hat Satellite 6.11 for RHEL 80:3.1.1.27-1.el8sat < *unaffected
Red HatRed Hat Satellite 6.11 for RHEL 80:3.1.1.27-1.el8sat < *unaffected
Red HatRed Hat Satellite 6.12 for RHEL 80:1.3.8-1.el8sat < *unaffected
Red HatRed Hat Satellite 6.13 for RHEL 80:1.3.8-1.el8sat < *unaffected
Red HatRed Hat Satellite 6.14 for RHEL 80:3.7.0.9-1.el8sat < *unaffected
Red HatRed Hat Satellite 6.14 for RHEL 80:3.7.0.9-1.el8sat < *unaffected

Weaknesses

  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References