CVE-2023-0462

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-0462
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0462.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-0462
Downstream
Published
2023-09-20T13:40:43.213Z
Modified
2026-06-18T03:57:17.738993117Z
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
Arbitrary code execution through yaml global parameters
Details

An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.

Database specific 
{
    "cna_assigner": "redhat",
    "cwe_ids": [
        "CWE-94"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/0xxx/CVE-2023-0462.json"
}
References

Affected packages

Git
github.com/theforeman/foreman

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/foreman
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5fa51142d1c9a579168cbaf1c52acfeaf733e403
Database specific 
{
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.8.0"
        }
    ],
    "cpe": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*"
}

Affected versions

0.*
0.1-1
0.1-2
0.1-3
0.1-4
0.1-5
0.1-6
0.2
0.2rc1
0.3
0.4
0.4rc2
0.4rc3
0.4rc4
0.4rc5
1.*
1.0
1.0RC1
1.0RC2
1.0RC3
1.0RC4
1.0RC5
1.1
1.1RC1
1.1RC2
1.1RC3
1.1RC4
1.1RC5
3.*
3.8.0-rc1
3.8.0-rc2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0462.json"
github.com/theforeman/foreman-installer

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/foreman-installer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f426bbf8810e91d5fe4fe6f97131159ff10417a8
Database specific 
{
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.8.0"
        }
    ],
    "cpe": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*"
}

Affected versions

1.*
1.0.1
3.*
3.8.0-rc1
3.8.0-rc2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0462.json"
github.com/theforeman/smart-proxy

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/smart-proxy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4fabeb7ee4e869aa3f96aa1f484ee6a714bda19d
Database specific 
{
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.8.0"
        }
    ],
    "cpe": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*"
}

Affected versions

0.*
0.1
0.2
0.2rc2
0.3
1.*
1.0
1.0RC1
1.0RC2
1.1
1.1RC1
1.1RC2
1.1RC3
3.*
3.8.0-rc1
3.8.0-rc2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0462.json"