PT-2023-1956 · Foreman+1 · Foreman+1

Ybuenos

Published

2023-03-22

Updated

2025-03-26

CVE-2023-0462

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Foreman (affected versions not specified)

Description An arbitrary code execution flaw was found in Foreman, related to incorrect handling of code generation in the YAML.load() function of the YAML parser library. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

ALT-PU-2025-3716

BDU:2023-01569

CVE-2023-0462

RHSA-2023:5931

RHSA-2023:5979

RHSA-2023:5980

Affected Products

Alt Linux

Foreman

PT-2023-1956 · Foreman+1 · Foreman+1

CVE-2023-0462

Weakness Enumeration

Related Identifiers

Affected Products

References · 14