Search criteria
2 vulnerabilities found for Red Hat Satellite 6.11 for RHEL 7 by Red Hat
CVE-2023-0118 (GCVE-0-2023-0118)
Vulnerability from cvelistv5 – Published: 2023-09-20 13:39 – Updated: 2024-09-17 13:51
VLAI?
Title
Foreman: arbitrary code execution through templates
Summary
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
Severity ?
9.1 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Credits
Red Hat would like to thank Andrew Danau (Onsec.io) for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:43.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:4466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4466"
},
{
"name": "RHSA-2023:5979",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5979"
},
{
"name": "RHSA-2023:5980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5980"
},
{
"name": "RHSA-2023:6818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6818"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-0118"
},
{
"name": "RHBZ#2159291",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T18:09:30.819280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:51:28.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/theforeman/foreman",
"defaultStatus": "affected",
"packageName": "foreman"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.11::el8",
"cpe:/a:redhat:satellite_capsule:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el8",
"cpe:/a:redhat:satellite:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el7",
"cpe:/a:redhat:satellite:6.11::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.11 for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.1.27-1.el7sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.11::el8",
"cpe:/a:redhat:satellite_capsule:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el8",
"cpe:/a:redhat:satellite:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el7",
"cpe:/a:redhat:satellite:6.11::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.11 for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.1.27-1.el7sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.11::el8",
"cpe:/a:redhat:satellite_capsule:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el8",
"cpe:/a:redhat:satellite:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el7",
"cpe:/a:redhat:satellite:6.11::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.11 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.1.27-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.11::el8",
"cpe:/a:redhat:satellite_capsule:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el8",
"cpe:/a:redhat:satellite:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el7",
"cpe:/a:redhat:satellite:6.11::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.11 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.1.27-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6.12::el8",
"cpe:/a:redhat:satellite_capsule:6.12::el8",
"cpe:/a:redhat:satellite_utils:6.12::el8"
],
"defaultStatus": "affected",
"packageName": "rubygem-safemode",
"product": "Red Hat Satellite 6.12 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.8-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.13::el8",
"cpe:/a:redhat:satellite_utils:6.13::el8",
"cpe:/a:redhat:satellite_maintenance:6.13::el8",
"cpe:/a:redhat:satellite:6.13::el8"
],
"defaultStatus": "affected",
"packageName": "rubygem-safemode",
"product": "Red Hat Satellite 6.13 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.8-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_maintenance:6.14::el8",
"cpe:/a:redhat:satellite_utils:6.14::el8",
"cpe:/a:redhat:satellite:6.14::el8",
"cpe:/a:redhat:satellite_capsule:6.14::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.14 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.7.0.9-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_maintenance:6.14::el8",
"cpe:/a:redhat:satellite_utils:6.14::el8",
"cpe:/a:redhat:satellite:6.14::el8",
"cpe:/a:redhat:satellite_capsule:6.14::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.14 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.7.0.9-1.el8sat",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Andrew Danau (Onsec.io) for reporting this issue."
}
],
"datePublic": "2023-03-12T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T15:32:29.709Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:4466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4466"
},
{
"name": "RHSA-2023:5979",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5979"
},
{
"name": "RHSA-2023:5980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5980"
},
{
"name": "RHSA-2023:6818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6818"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-0118"
},
{
"name": "RHBZ#2159291",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-12T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-03-12T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Foreman: arbitrary code execution through templates",
"x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-0118",
"datePublished": "2023-09-20T13:39:27.756Z",
"dateReserved": "2023-01-09T13:21:05.016Z",
"dateUpdated": "2024-09-17T13:51:28.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0118 (GCVE-0-2023-0118)
Vulnerability from nvd – Published: 2023-09-20 13:39 – Updated: 2024-09-17 13:51
VLAI?
Title
Foreman: arbitrary code execution through templates
Summary
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
Severity ?
9.1 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Credits
Red Hat would like to thank Andrew Danau (Onsec.io) for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:43.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:4466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4466"
},
{
"name": "RHSA-2023:5979",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5979"
},
{
"name": "RHSA-2023:5980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5980"
},
{
"name": "RHSA-2023:6818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6818"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-0118"
},
{
"name": "RHBZ#2159291",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T18:09:30.819280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:51:28.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/theforeman/foreman",
"defaultStatus": "affected",
"packageName": "foreman"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.11::el8",
"cpe:/a:redhat:satellite_capsule:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el8",
"cpe:/a:redhat:satellite:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el7",
"cpe:/a:redhat:satellite:6.11::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.11 for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.1.27-1.el7sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.11::el8",
"cpe:/a:redhat:satellite_capsule:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el8",
"cpe:/a:redhat:satellite:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el7",
"cpe:/a:redhat:satellite:6.11::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.11 for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.1.27-1.el7sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.11::el8",
"cpe:/a:redhat:satellite_capsule:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el8",
"cpe:/a:redhat:satellite:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el7",
"cpe:/a:redhat:satellite:6.11::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.11 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.1.27-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.11::el8",
"cpe:/a:redhat:satellite_capsule:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el8",
"cpe:/a:redhat:satellite:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el7",
"cpe:/a:redhat:satellite:6.11::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.11 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.1.27-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6.12::el8",
"cpe:/a:redhat:satellite_capsule:6.12::el8",
"cpe:/a:redhat:satellite_utils:6.12::el8"
],
"defaultStatus": "affected",
"packageName": "rubygem-safemode",
"product": "Red Hat Satellite 6.12 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.8-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.13::el8",
"cpe:/a:redhat:satellite_utils:6.13::el8",
"cpe:/a:redhat:satellite_maintenance:6.13::el8",
"cpe:/a:redhat:satellite:6.13::el8"
],
"defaultStatus": "affected",
"packageName": "rubygem-safemode",
"product": "Red Hat Satellite 6.13 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.8-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_maintenance:6.14::el8",
"cpe:/a:redhat:satellite_utils:6.14::el8",
"cpe:/a:redhat:satellite:6.14::el8",
"cpe:/a:redhat:satellite_capsule:6.14::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.14 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.7.0.9-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_maintenance:6.14::el8",
"cpe:/a:redhat:satellite_utils:6.14::el8",
"cpe:/a:redhat:satellite:6.14::el8",
"cpe:/a:redhat:satellite_capsule:6.14::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.14 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.7.0.9-1.el8sat",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Andrew Danau (Onsec.io) for reporting this issue."
}
],
"datePublic": "2023-03-12T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T15:32:29.709Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:4466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4466"
},
{
"name": "RHSA-2023:5979",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5979"
},
{
"name": "RHSA-2023:5980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5980"
},
{
"name": "RHSA-2023:6818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6818"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-0118"
},
{
"name": "RHBZ#2159291",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-12T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-03-12T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Foreman: arbitrary code execution through templates",
"x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-0118",
"datePublished": "2023-09-20T13:39:27.756Z",
"dateReserved": "2023-01-09T13:21:05.016Z",
"dateUpdated": "2024-09-17T13:51:28.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}