CVE-2023-0118

critical

Description

An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.

References

Advisories

https://bugzilla.redhat.com/show_bug.cgi?id=2159291

https://access.redhat.com/security/cve/CVE-2023-0118

https://access.redhat.com/errata/RHSA-2023:6818

https://access.redhat.com/errata/RHSA-2023:5980

https://access.redhat.com/errata/RHSA-2023:5979

https://access.redhat.com/errata/RHSA-2023:4466

Details

Source: Mitre, NVD

Published: 2023-09-20

Updated: 2024-05-03

Risk Information

CVSS v2

Base Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00019

Detections

Analytics