RHEL 8 : Satellite 6.12.1 Async Security Update (Critical) (RHSA-2023:0261)

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:candlepin, p-cpe:/a:redhat:enterprise_linux:candlepin-selinux, p-cpe:/a:redhat:enterprise_linux:foreman, p-cpe:/a:redhat:enterprise_linux:foreman-cli, p-cpe:/a:redhat:enterprise_linux:foreman-debug, p-cpe:/a:redhat:enterprise_linux:foreman-dynflow-sidekiq, p-cpe:/a:redhat:enterprise_linux:foreman-ec2, p-cpe:/a:redhat:enterprise_linux:foreman-gce, p-cpe:/a:redhat:enterprise_linux:foreman-journald, p-cpe:/a:redhat:enterprise_linux:foreman-libvirt, p-cpe:/a:redhat:enterprise_linux:foreman-openstack, p-cpe:/a:redhat:enterprise_linux:foreman-ovirt, p-cpe:/a:redhat:enterprise_linux:foreman-postgresql, p-cpe:/a:redhat:enterprise_linux:foreman-service, p-cpe:/a:redhat:enterprise_linux:foreman-telemetry, p-cpe:/a:redhat:enterprise_linux:foreman-vmware, p-cpe:/a:redhat:enterprise_linux:python-pulp-container, p-cpe:/a:redhat:enterprise_linux:python-pulp-rpm, p-cpe:/a:redhat:enterprise_linux:python-pulpcore, p-cpe:/a:redhat:enterprise_linux:python39-pulp-container, p-cpe:/a:redhat:enterprise_linux:python39-pulp-rpm, p-cpe:/a:redhat:enterprise_linux:python39-pulpcore, p-cpe:/a:redhat:enterprise_linux:rubygem-actioncable, p-cpe:/a:redhat:enterprise_linux:rubygem-actionmailbox, p-cpe:/a:redhat:enterprise_linux:rubygem-actionmailer, p-cpe:/a:redhat:enterprise_linux:rubygem-actionpack, p-cpe:/a:redhat:enterprise_linux:rubygem-actiontext, p-cpe:/a:redhat:enterprise_linux:rubygem-actionview, p-cpe:/a:redhat:enterprise_linux:rubygem-activejob, p-cpe:/a:redhat:enterprise_linux:rubygem-activemodel, p-cpe:/a:redhat:enterprise_linux:rubygem-activerecord, p-cpe:/a:redhat:enterprise_linux:rubygem-activestorage, p-cpe:/a:redhat:enterprise_linux:rubygem-activesupport, p-cpe:/a:redhat:enterprise_linux:rubygem-foreman_rh_cloud, p-cpe:/a:redhat:enterprise_linux:rubygem-foreman_webhooks, p-cpe:/a:redhat:enterprise_linux:rubygem-katello, p-cpe:/a:redhat:enterprise_linux:rubygem-rails, p-cpe:/a:redhat:enterprise_linux:rubygem-railties, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_container_gateway, p-cpe:/a:redhat:enterprise_linux:satellite, p-cpe:/a:redhat:enterprise_linux:satellite-capsule, p-cpe:/a:redhat:enterprise_linux:satellite-cli, p-cpe:/a:redhat:enterprise_linux:satellite-clone, p-cpe:/a:redhat:enterprise_linux:satellite-common

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploitable With

Metasploit (Apache Commons Text RCE)

Reference Information

CVE: CVE-2022-32224, CVE-2022-42003, CVE-2022-42889