Foreman · Foreman · CVE-2022-3874
**Name of the Vulnerable Software and Affected Versions**
foreman (affected versions not specified)
**Description**
A command injection flaw was found in foreman, allowing an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates. This could result in arbitrary command execution on the underlying operating system.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.