{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0118", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-01-09T13:21:05.016Z", "datePublished": "2023-09-20T13:39:27.756Z", "dateUpdated": "2024-09-17T13:51:28.373Z"}, "containers": {"cna": {"title": "Foreman: arbitrary code execution through templates", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system."}], "affected": [{"packageName": "foreman", "collectionURL": "https://github.com/theforeman/foreman", "defaultStatus": "affected"}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.11 for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.1.1.27-1.el7sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.11::el8", "cpe:/a:redhat:satellite_capsule:6.11::el7", "cpe:/a:redhat:satellite_utils:6.11::el8", "cpe:/a:redhat:satellite:6.11::el7", "cpe:/a:redhat:satellite_utils:6.11::el7", "cpe:/a:redhat:satellite:6.11::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.11 for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.1.1.27-1.el7sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.11::el8", "cpe:/a:redhat:satellite_capsule:6.11::el7", "cpe:/a:redhat:satellite_utils:6.11::el8", "cpe:/a:redhat:satellite:6.11::el7", "cpe:/a:redhat:satellite_utils:6.11::el7", "cpe:/a:redhat:satellite:6.11::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.11 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.1.1.27-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.11::el8", "cpe:/a:redhat:satellite_capsule:6.11::el7", "cpe:/a:redhat:satellite_utils:6.11::el8", "cpe:/a:redhat:satellite:6.11::el7", "cpe:/a:redhat:satellite_utils:6.11::el7", "cpe:/a:redhat:satellite:6.11::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.11 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.1.1.27-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.11::el8", "cpe:/a:redhat:satellite_capsule:6.11::el7", "cpe:/a:redhat:satellite_utils:6.11::el8", "cpe:/a:redhat:satellite:6.11::el7", "cpe:/a:redhat:satellite_utils:6.11::el7", "cpe:/a:redhat:satellite:6.11::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.12 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rubygem-safemode", "defaultStatus": "affected", "versions": [{"version": "0:1.3.8-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite:6.12::el8", "cpe:/a:redhat:satellite_capsule:6.12::el8", "cpe:/a:redhat:satellite_utils:6.12::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.13 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rubygem-safemode", "defaultStatus": "affected", "versions": [{"version": "0:1.3.8-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_capsule:6.13::el8", "cpe:/a:redhat:satellite_utils:6.13::el8", "cpe:/a:redhat:satellite_maintenance:6.13::el8", "cpe:/a:redhat:satellite:6.13::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.14 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.7.0.9-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_maintenance:6.14::el8", "cpe:/a:redhat:satellite_utils:6.14::el8", "cpe:/a:redhat:satellite:6.14::el8", "cpe:/a:redhat:satellite_capsule:6.14::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Satellite 6.14 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "foreman", "defaultStatus": "affected", "versions": [{"version": "0:3.7.0.9-1.el8sat", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:satellite_maintenance:6.14::el8", "cpe:/a:redhat:satellite_utils:6.14::el8", "cpe:/a:redhat:satellite:6.14::el8", "cpe:/a:redhat:satellite_capsule:6.14::el8"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:4466", "name": "RHSA-2023:4466", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:5979", "name": "RHSA-2023:5979", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:5980", "name": "RHSA-2023:5980", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:6818", "name": "RHSA-2023:6818", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-0118", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291", "name": "RHBZ#2159291", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2023-03-12T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "timeline": [{"lang": "en", "time": "2022-12-12T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-03-12T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Andrew Danau (Onsec.io) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-05-03T15:32:29.709Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:02:43.821Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:4466", "name": "RHSA-2023:4466", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:5979", "name": "RHSA-2023:5979", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:5980", "name": "RHSA-2023:5980", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:6818", "name": "RHSA-2023:6818", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-0118", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291", "name": "RHBZ#2159291", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-07T18:09:30.819280Z", "id": "CVE-2023-0118", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T13:51:28.373Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:4466", "name": "RHSA-2023:4466", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:5979", "name": "RHSA-2023:5979", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:5980", "name": "RHSA-2023:5980", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:6818", "name": "RHSA-2023:6818", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-0118", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291", "name": "RHBZ#2159291", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:02:43.821Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-0118", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-07T18:09:30.819280Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T13:51:24.491Z"}}], "cna": {"title": "Foreman: arbitrary code execution through templates", "credits": [{"lang": "en", "value": "Red Hat would like to thank Andrew Danau (Onsec.io) for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"packageName": "foreman", "collectionURL": "https://github.com/theforeman/foreman", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.11::el8", "cpe:/a:redhat:satellite_capsule:6.11::el7", "cpe:/a:redhat:satellite_utils:6.11::el8", "cpe:/a:redhat:satellite:6.11::el7", "cpe:/a:redhat:satellite_utils:6.11::el7", "cpe:/a:redhat:satellite:6.11::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.11 for RHEL 7", "versions": [{"status": "unaffected", "version": "0:3.1.1.27-1.el7sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.11::el8", "cpe:/a:redhat:satellite_capsule:6.11::el7", "cpe:/a:redhat:satellite_utils:6.11::el8", "cpe:/a:redhat:satellite:6.11::el7", "cpe:/a:redhat:satellite_utils:6.11::el7", "cpe:/a:redhat:satellite:6.11::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.11 for RHEL 7", "versions": [{"status": "unaffected", "version": "0:3.1.1.27-1.el7sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.11::el8", "cpe:/a:redhat:satellite_capsule:6.11::el7", "cpe:/a:redhat:satellite_utils:6.11::el8", "cpe:/a:redhat:satellite:6.11::el7", "cpe:/a:redhat:satellite_utils:6.11::el7", "cpe:/a:redhat:satellite:6.11::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.11 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:3.1.1.27-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.11::el8", "cpe:/a:redhat:satellite_capsule:6.11::el7", "cpe:/a:redhat:satellite_utils:6.11::el8", "cpe:/a:redhat:satellite:6.11::el7", "cpe:/a:redhat:satellite_utils:6.11::el7", "cpe:/a:redhat:satellite:6.11::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.11 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:3.1.1.27-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite:6.12::el8", "cpe:/a:redhat:satellite_capsule:6.12::el8", "cpe:/a:redhat:satellite_utils:6.12::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.12 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:1.3.8-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "rubygem-safemode", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_capsule:6.13::el8", "cpe:/a:redhat:satellite_utils:6.13::el8", "cpe:/a:redhat:satellite_maintenance:6.13::el8", "cpe:/a:redhat:satellite:6.13::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.13 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:1.3.8-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "rubygem-safemode", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_maintenance:6.14::el8", "cpe:/a:redhat:satellite_utils:6.14::el8", "cpe:/a:redhat:satellite:6.14::el8", "cpe:/a:redhat:satellite_capsule:6.14::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.14 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:3.7.0.9-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:satellite_maintenance:6.14::el8", "cpe:/a:redhat:satellite_utils:6.14::el8", "cpe:/a:redhat:satellite:6.14::el8", "cpe:/a:redhat:satellite_capsule:6.14::el8"], "vendor": "Red Hat", "product": "Red Hat Satellite 6.14 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:3.7.0.9-1.el8sat", "lessThan": "*", "versionType": "rpm"}], "packageName": "foreman", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2022-12-12T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-03-12T00:00:00+00:00", "value": "Made public."}], "datePublic": "2023-03-12T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:4466", "name": "RHSA-2023:4466", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:5979", "name": "RHSA-2023:5979", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:5980", "name": "RHSA-2023:5980", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:6818", "name": "RHSA-2023:6818", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-0118", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291", "name": "RHBZ#2159291", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-05-03T15:32:29.709Z"}, "x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}}, "cveMetadata": {"cveId": "CVE-2023-0118", "state": "PUBLISHED", "dateUpdated": "2024-09-17T13:51:28.373Z", "dateReserved": "2023-01-09T13:21:05.016Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2023-09-20T13:39:27.756Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C66A3AE-183C-49B6-9B8A-53BB90AFBDCF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:*", "matchCriteriaId": "88D8026B-94E6-4B69-AEEB-7A1B26D1153C", "versionEndExcluding": "6.13.3", "versionStartIncluding": "6.13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en la ejecuci\u00f3n de c\u00f3digo arbitrario en Foreman. Esta falla permite a un usuario administrador omitir el modo seguro en las plantillas y ejecutar c\u00f3digo arbitrario en el sistema operativo subyacente."}], "id": "CVE-2023-0118", "lastModified": "2024-11-21T07:36:35.247", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-20T14:15:12.827", "references": [{"source": "secalert@redhat.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:4466"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:5979"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:5980"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:6818"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-0118"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:4466"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:5979"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:5980"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:6818"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-0118"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Andrew Danau (Onsec.io) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2023:5980", "cpe": "cpe:/a:redhat:satellite:6.11::el7", "package": "foreman-0:3.1.1.27-1.el7sat", "product_name": "Red Hat Satellite 6.11 for RHEL 7", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5980", "cpe": "cpe:/a:redhat:satellite_capsule:6.11::el7", "package": "foreman-0:3.1.1.27-1.el7sat", "product_name": "Red Hat Satellite 6.11 for RHEL 7", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5980", "cpe": "cpe:/a:redhat:satellite_utils:6.11::el7", "package": "foreman-0:3.1.1.27-1.el7sat", "product_name": "Red Hat Satellite 6.11 for RHEL 7", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5980", "cpe": "cpe:/a:redhat:satellite:6.11::el8", "package": "foreman-0:3.1.1.27-1.el8sat", "product_name": "Red Hat Satellite 6.11 for RHEL 8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5980", "cpe": "cpe:/a:redhat:satellite_capsule:6.11::el8", "package": "foreman-0:3.1.1.27-1.el8sat", "product_name": "Red Hat Satellite 6.11 for RHEL 8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5980", "cpe": "cpe:/a:redhat:satellite_utils:6.11::el8", "package": "foreman-0:3.1.1.27-1.el8sat", "product_name": "Red Hat Satellite 6.11 for RHEL 8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:5979", "cpe": "cpe:/a:redhat:satellite:6.12::el8", "package": "rubygem-safemode-0:1.3.8-1.el8sat", "product_name": "Red Hat Satellite 6.12 for RHEL 8", "release_date": "2023-10-20T00:00:00Z"}, {"advisory": "RHSA-2023:4466", "cpe": "cpe:/a:redhat:satellite:6.13::el8", "package": "rubygem-safemode-0:1.3.8-1.el8sat", "product_name": "Red Hat Satellite 6.13 for RHEL 8", "release_date": "2023-08-03T00:00:00Z"}, {"advisory": "RHSA-2023:6818", "cpe": "cpe:/a:redhat:satellite:6.14::el8", "package": "foreman-0:3.7.0.9-1.el8sat", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2023-11-08T00:00:00Z"}, {"advisory": "RHSA-2023:6818", "cpe": "cpe:/a:redhat:satellite_capsule:6.14::el8", "package": "foreman-0:3.7.0.9-1.el8sat", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2023-11-08T00:00:00Z"}, {"advisory": "RHSA-2023:6818", "cpe": "cpe:/a:redhat:satellite_utils:6.14::el8", "package": "foreman-0:3.7.0.9-1.el8sat", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2023-11-08T00:00:00Z"}], "bugzilla": {"description": "Foreman: Arbitrary code execution through templates", "id": "2159291", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-78", "details": ["An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.", "An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system."], "name": "CVE-2023-0118", "public_date": "2023-03-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-0118\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0118"], "threat_severity": "Important"}