CVE-2023-0118

An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.

Published: Sep 20, 2023
Updated: Sep 23, 2023
CVE: CVE-2023-0118
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
theforeman / foreman	-	-
redhat / satellite	6.13	6.13.3

https://access.redhat.com/errata/RHSA-2023:4466
https://access.redhat.com/errata/RHSA-2023:5979
https://access.redhat.com/errata/RHSA-2023:5980
https://access.redhat.com/errata/RHSA-2023:6818
https://access.redhat.com/security/cve/CVE-2023-0118
https://bugzilla.redhat.com/show_bug.cgi?id=2159291

Vulnerability Database

289,599

CVE-2023-0118