A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unauthorized command execution during host registration. Although this issue requires user interaction to execute injected commands, it poses a significant risk if an unsuspecting user runs the generated registration script.
History
Mon, 16 Sep 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Theforeman, Theforeman foreman | |
CPEs | cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:* cpe:2.3:a:theforeman:foreman:-:*:*:*:*:*:*:* | |
Vendors & Products | Theforeman, Theforeman foreman |
Wed, 14 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Mon, 12 Aug 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A command injection flaw was found in the "Host Init Config" template in the Foreman application, via the "Install Packages" field on the "Register Host" page. This issue may allow an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unauthorized command execution during host registration. Although this issue requires user interaction to execute injected commands, it poses a significant risk if an unsuspecting user runs the generated registration script. | A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unauthorized command execution during host registration. Although this issue requires user interaction to execute injected commands, it poses a significant risk if an unsuspecting user runs the generated registration script. |
Mon, 12 Aug 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A command injection flaw was found in the "Host Init Config" template in the Foreman application, via the "Install Packages" field on the "Register Host" page. This issue may allow an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unauthorized command execution during host registration. Although this issue requires user interaction to execute injected commands, it poses a significant risk if an unsuspecting user runs the generated registration script. |
Title | Foreman: Command Injection in "Host Init Config" Template via "Install Packages" Field on Foreman | Foreman: command injection in "host init config" template via "install packages" field on foreman |
First Time appeared | Redhat, Redhat satellite | |
CPEs | cpe:/a:redhat:satellite:6 | |
Vendors & Products | Redhat, Redhat satellite | |
References | |
Mon, 12 Aug 2024 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | Foreman: Command Injection in "Host Init Config" Template via "Install Packages" Field on Foreman | |
Weaknesses | CWE-77 | |
References | | |
Metrics | threat_severity | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-08-12T16:48:54.120Z
Updated: 2024-09-27T16:27:16.155Z
Reserved: 2024-08-12T10:57:20.394Z
Link: CVE-2024-7700
Vulnrichment
Updated: 2024-08-14T13:23:30.640Z
NVD
Status: Analyzed
Published: 2024-08-12T17:15:18.607
Modified: 2024-09-16T14:20:21.087
Link: CVE-2024-7700