Vulnerability Description
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
CVSS Score
9.1
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Theforeman | Foreman | All versions |
| Redhat | Satellite | >= 6.13, < 6.13.3 |
| Redhat | Enterprise Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2023:4466Release NotesThird Party Advisory
- https://access.redhat.com/errata/RHSA-2023:5979
- https://access.redhat.com/errata/RHSA-2023:5980
- https://access.redhat.com/errata/RHSA-2023:6818
- https://access.redhat.com/security/cve/CVE-2023-0118Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2159291Issue TrackingThird Party Advisory
- https://access.redhat.com/errata/RHSA-2023:4466Release NotesThird Party Advisory
- https://access.redhat.com/errata/RHSA-2023:5979
- https://access.redhat.com/errata/RHSA-2023:5980
- https://access.redhat.com/errata/RHSA-2023:6818
- https://access.redhat.com/security/cve/CVE-2023-0118Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2159291Issue TrackingThird Party Advisory
FAQ
What is CVE-2023-0118?
CVE-2023-0118 is a vulnerability with a CVSS score of 9.1 (CRITICAL). An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
How severe is CVE-2023-0118?
CVE-2023-0118 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-0118?
Check the references section above for vendor advisories and patch information. Affected products include: Theforeman Foreman, Redhat Satellite, Redhat Enterprise Linux.