An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HRed Hat Satellite
APPRedhat≥ 6.0Theforeman Foreman
APPTheforeman< 3.8.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
Related vulnerabilities
CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...
CVE-2015-2590CRITICAL9.8⚠ KEVten sam produkt
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows re...
CVE-2024-7923CRITICAL9.8PL ✓ten sam produkt
Authentication bypass w Pulpcore/Red Hat Satellite przez nagłówek HTTP
CVE-2024-7012CRITICAL9.8PL ✓ten sam produkt
Authentication Bypass w Foreman/Red Hat Satellite via zniekształcony nagłówek HTTP
CVE-2023-0118CRITICAL9.1ten sam produkt
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in t...