CVE-2023-0462

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-0462
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0462.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-0462
Published
2023-09-20T14:15:12Z
Modified
2024-10-12T10:23:16.400643Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
[none]
Details

An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.

References

Affected packages

Git / github.com/theforeman/foreman

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/foreman
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/theforeman/foreman-installer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/theforeman/smart-proxy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1
0.1-1
0.1-2
0.1-3
0.1-4
0.1-5
0.1-6
0.2
0.2rc1
0.2rc2
0.3
0.3.1
0.4
0.4rc2
0.4rc3
0.4rc4
0.4rc5

1.*

1.0
1.0.1
1.0RC1
1.0RC2
1.0RC3
1.0RC4
1.0RC5
1.1
1.1RC1
1.1RC2
1.1RC3
1.1RC4
1.1RC5

3.*

3.8.0-rc1
3.8.0-rc2