CVE-2023-0462

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-0462

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0462.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-0462

Related

Withdrawn

2024-09-03T04:41:22.211142Z

Published

2023-09-20T14:15:12Z

Modified

2024-09-03T04:01:17.175627Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.

References

Affected packages

Git / github.com/theforeman/foreman

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/foreman
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5fa51142d1c9a579168cbaf1c52acfeaf733e403

Type: GIT
Repo: https://github.com/theforeman/foreman-installer
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f426bbf8810e91d5fe4fe6f97131159ff10417a8

Type: GIT
Repo: https://github.com/theforeman/smart-proxy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4fabeb7ee4e869aa3f96aa1f484ee6a714bda19d

Affected versions

0.*

0.1

0.1-1

0.1-2

0.1-3

0.1-4

0.1-5

0.1-6

0.2

0.2rc1

0.2rc2

0.3

0.3.1

0.4

0.4rc2

0.4rc3

0.4rc4

0.4rc5

1.*

1.0

1.0.1

1.0RC1

1.0RC2

1.0RC3

1.0RC4

1.0RC5

1.1

1.1RC1

1.1RC2

1.1RC3

1.1RC4

1.1RC5

3.*

3.8.0-rc1

3.8.0-rc2