CVE-2023-0462

Arbitrary code execution through yaml global parameters

CVSS 8 HIGHEPSS 1.0%CWE-94

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

20 Sep 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products

n/a · foreman Red Hat · Red Hat Satellite 6

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/security/cve/CVE-2023-0462 https://bugzilla.redhat.com/show_bug.cgi?id=2162970