PT-2023-5419 · Foreman+1 · Foreman+1

Andrew Danau

Publicado

2023-08-13

Atualizado

2023-09-26

CVE-2022-3874

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions foreman (affected versions not specified)

Description A command injection flaw was found in foreman, allowing an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates. This could result in arbitrary command execution on the underlying operating system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

BDU:2023-06049

CVE-2022-3874

DLA-3526-1

GHSA-9JFQ-54VC-9RR2

RHSA-2023:5931

RHSA-2023:5979

RHSA-2023:6818

Produtos afetados

Rocky Linux

Foreman

PT-2023-5419 · Foreman+1 · Foreman+1

CVE-2022-3874

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 16