CVE-2023-0462

An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.

Published: Sep 20, 2023
Updated: Sep 23, 2023
CVE: CVE-2023-0462
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
theforeman / foreman	-	3.8.0
redhat / satellite	6.0	6.0.x

https://access.redhat.com/security/cve/CVE-2023-0462
https://bugzilla.redhat.com/show_bug.cgi?id=2162970

Vulnerability Database

289,599

CVE-2023-0462