HIGH🇵🇱 Wersja polska

CVE-2023-0462

CVSS 8.0v3.1pub. 2023-09-20upd. 2024-11-21

An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Red Hat Satellite

    APP
    Redhat
    ≥ 6.0
  • Theforeman Foreman

    APP
    Theforeman
    < 3.8.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...

CVE-2015-2590CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows re...

CVE-2024-7923CRITICAL9.8PL ✓ten sam produkt

Authentication bypass w Pulpcore/Red Hat Satellite przez nagłówek HTTP

CVE-2024-7012CRITICAL9.8PL ✓ten sam produkt

Authentication Bypass w Foreman/Red Hat Satellite via zniekształcony nagłówek HTTP

CVE-2023-0118CRITICAL9.1ten sam produkt

An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in t...