Vulnerabilities related to Red Hat - Red Hat Satellite 6.11 for RHEL 7
cve-2023-0118
Vulnerability from cvelistv5
Published
2023-09-20 13:39
Modified
2024-09-17 13:51
Severity: 9.1 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H); Red Hat severity rating: Important
Summary
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
References
https://access.redhat.com/errata/RHSA-2023:4466 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2023:5979 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2023:5980 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2023:6818 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/security/cve/CVE-2023-0118 (vdb-entry, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=2159291 (issue-tracking, x_refsource_REDHAT)
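Impacted products
Vendor Product Version
Each row lists the first unaffected build of the package named in the record's packageName field: that build and later are unaffected, and earlier builds are affected (defaultStatus "affected"). The Satellite 6.12 and 6.13 rows refer to rubygem-safemode; the 6.11 and 6.14 rows refer to foreman.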
   Red Hat Red Hat Satellite 6.11 for RHEL 7 Unaffected: 0:3.1.1.27-1.el7sat   < *
    cpe:/a:redhat:satellite_capsule:6.11::el8
    cpe:/a:redhat:satellite_capsule:6.11::el7
    cpe:/a:redhat:satellite_utils:6.11::el8
    cpe:/a:redhat:satellite:6.11::el7
    cpe:/a:redhat:satellite_utils:6.11::el7
    cpe:/a:redhat:satellite:6.11::el8
   Red Hat Red Hat Satellite 6.11 for RHEL 7 Unaffected: 0:3.1.1.27-1.el7sat   < *
    cpe:/a:redhat:satellite_capsule:6.11::el8
    cpe:/a:redhat:satellite_capsule:6.11::el7
    cpe:/a:redhat:satellite_utils:6.11::el8
    cpe:/a:redhat:satellite:6.11::el7
    cpe:/a:redhat:satellite_utils:6.11::el7
    cpe:/a:redhat:satellite:6.11::el8
   Red Hat Red Hat Satellite 6.11 for RHEL 8 Unaffected: 0:3.1.1.27-1.el8sat   < *
    cpe:/a:redhat:satellite_capsule:6.11::el8
    cpe:/a:redhat:satellite_capsule:6.11::el7
    cpe:/a:redhat:satellite_utils:6.11::el8
    cpe:/a:redhat:satellite:6.11::el7
    cpe:/a:redhat:satellite_utils:6.11::el7
    cpe:/a:redhat:satellite:6.11::el8
   Red Hat Red Hat Satellite 6.11 for RHEL 8 Unaffected: 0:3.1.1.27-1.el8sat   < *
    cpe:/a:redhat:satellite_capsule:6.11::el8
    cpe:/a:redhat:satellite_capsule:6.11::el7
    cpe:/a:redhat:satellite_utils:6.11::el8
    cpe:/a:redhat:satellite:6.11::el7
    cpe:/a:redhat:satellite_utils:6.11::el7
    cpe:/a:redhat:satellite:6.11::el8
   Red Hat Red Hat Satellite 6.12 for RHEL 8 Unaffected: 0:1.3.8-1.el8sat   < *
    cpe:/a:redhat:satellite:6.12::el8
    cpe:/a:redhat:satellite_capsule:6.12::el8
    cpe:/a:redhat:satellite_utils:6.12::el8
   Red Hat Red Hat Satellite 6.13 for RHEL 8 Unaffected: 0:1.3.8-1.el8sat   < *
    cpe:/a:redhat:satellite_capsule:6.13::el8
    cpe:/a:redhat:satellite_utils:6.13::el8
    cpe:/a:redhat:satellite_maintenance:6.13::el8
    cpe:/a:redhat:satellite:6.13::el8
   Red Hat Red Hat Satellite 6.14 for RHEL 8 Unaffected: 0:3.7.0.9-1.el8sat   < *
    cpe:/a:redhat:satellite_maintenance:6.14::el8
    cpe:/a:redhat:satellite_utils:6.14::el8
    cpe:/a:redhat:satellite:6.14::el8
    cpe:/a:redhat:satellite_capsule:6.14::el8
   Red Hat Red Hat Satellite 6.14 for RHEL 8 Unaffected: 0:3.7.0.9-1.el8sat   < *
    cpe:/a:redhat:satellite_maintenance:6.14::el8
    cpe:/a:redhat:satellite_utils:6.14::el8
    cpe:/a:redhat:satellite:6.14::el8
    cpe:/a:redhat:satellite_capsule:6.14::el8


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:02:43.821Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:4466",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:4466"
          },
          {
            "name": "RHSA-2023:5979",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:5979"
          },
          {
            "name": "RHSA-2023:5980",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:5980"
          },
          {
            "name": "RHSA-2023:6818",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:6818"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-0118"
          },
          {
            "name": "RHBZ#2159291",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0118",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T18:09:30.819280Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T13:51:28.373Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/theforeman/foreman",
          "defaultStatus": "affected",
          "packageName": "foreman"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_capsule:6.11::el8",
            "cpe:/a:redhat:satellite_capsule:6.11::el7",
            "cpe:/a:redhat:satellite_utils:6.11::el8",
            "cpe:/a:redhat:satellite:6.11::el7",
            "cpe:/a:redhat:satellite_utils:6.11::el7",
            "cpe:/a:redhat:satellite:6.11::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.11 for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.1.27-1.el7sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_capsule:6.11::el8",
            "cpe:/a:redhat:satellite_capsule:6.11::el7",
            "cpe:/a:redhat:satellite_utils:6.11::el8",
            "cpe:/a:redhat:satellite:6.11::el7",
            "cpe:/a:redhat:satellite_utils:6.11::el7",
            "cpe:/a:redhat:satellite:6.11::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.11 for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.1.27-1.el7sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_capsule:6.11::el8",
            "cpe:/a:redhat:satellite_capsule:6.11::el7",
            "cpe:/a:redhat:satellite_utils:6.11::el8",
            "cpe:/a:redhat:satellite:6.11::el7",
            "cpe:/a:redhat:satellite_utils:6.11::el7",
            "cpe:/a:redhat:satellite:6.11::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.11 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.1.27-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_capsule:6.11::el8",
            "cpe:/a:redhat:satellite_capsule:6.11::el7",
            "cpe:/a:redhat:satellite_utils:6.11::el8",
            "cpe:/a:redhat:satellite:6.11::el7",
            "cpe:/a:redhat:satellite_utils:6.11::el7",
            "cpe:/a:redhat:satellite:6.11::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.11 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.1.27-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.12::el8",
            "cpe:/a:redhat:satellite_capsule:6.12::el8",
            "cpe:/a:redhat:satellite_utils:6.12::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rubygem-safemode",
          "product": "Red Hat Satellite 6.12 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.8-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_capsule:6.13::el8",
            "cpe:/a:redhat:satellite_utils:6.13::el8",
            "cpe:/a:redhat:satellite_maintenance:6.13::el8",
            "cpe:/a:redhat:satellite:6.13::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rubygem-safemode",
          "product": "Red Hat Satellite 6.13 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.8-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_maintenance:6.14::el8",
            "cpe:/a:redhat:satellite_utils:6.14::el8",
            "cpe:/a:redhat:satellite:6.14::el8",
            "cpe:/a:redhat:satellite_capsule:6.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.14 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.0.9-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_maintenance:6.14::el8",
            "cpe:/a:redhat:satellite_utils:6.14::el8",
            "cpe:/a:redhat:satellite:6.14::el8",
            "cpe:/a:redhat:satellite_capsule:6.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.14 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.7.0.9-1.el8sat",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Andrew Danau (Onsec.io) for reporting this issue."
        }
      ],
      "datePublic": "2023-03-12T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T15:32:29.709Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:4466",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:4466"
        },
        {
          "name": "RHSA-2023:5979",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:5979"
        },
        {
          "name": "RHSA-2023:5980",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:5980"
        },
        {
          "name": "RHSA-2023:6818",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:6818"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-0118"
        },
        {
          "name": "RHBZ#2159291",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2022-12-12T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-03-12T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Foreman: arbitrary code execution through templates",
      "x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-0118",
    "datePublished": "2023-09-20T13:39:27.756Z",
    "dateReserved": "2023-01-09T13:21:05.016Z",
    "dateUpdated": "2024-09-17T13:51:28.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}