Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Red Hat Satellite 6.12 for RHEL 8 by Red Hat

    CVE-2024-6861 (GCVE-0-2024-6861)

    Vulnerability from nvd – Published: 2024-11-06 14:54 – Updated: 2025-11-20 07:31
    VLAI
    Title
    Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api
    Summary
    A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.3 (semver)
    Red Hat Red Hat Satellite 6.12 for RHEL 8 Unaffected: 0:3.3.0.17-1.el8sat , < * (rpm)
        cpe:/a:redhat:satellite_maintenance:6.12::el8
        cpe:/a:redhat:satellite_utils:6.12::el8
        cpe:/a:redhat:satellite_capsule:6.12::el8
        cpe:/a:redhat:satellite:6.12::el8
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Date Public
    2024-10-09 00:42
    Credits
    Red Hat would like to thank Sébastien Vecten for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6861",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T16:16:00.977132Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:16:15.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://theforeman.org/",
              "defaultStatus": "unaffected",
              "packageName": "foreman",
              "versions": [
                {
                  "lessThan": "3.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_maintenance:6.12::el8",
                "cpe:/a:redhat:satellite_utils:6.12::el8",
                "cpe:/a:redhat:satellite_capsule:6.12::el8",
                "cpe:/a:redhat:satellite:6.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.12 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.0.17-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "satellite-capsule:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "satellite:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "satellite-utils:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank S\u00e9bastien Vecten for reporting this issue."
            }
          ],
          "datePublic": "2024-10-09T00:42:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product\u0027s API."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T07:31:26.304Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2022:8506",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2022:8506"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-6861"
            },
            {
              "name": "RHBZ#2317450",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317450"
            },
            {
              "url": "https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2"
            },
            {
              "url": "https://projects.theforeman.org/issues/34328"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-04T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-10-09T00:42:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue the GraphQL introspection feature must be disabled or the GraphQL API be disabled entirely.\n\nMalicious requests can also be filtered using a reverse proxy or directly in the web server configuration."
            }
          ],
          "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-6861",
        "datePublished": "2024-11-06T14:54:51.099Z",
        "dateReserved": "2024-07-17T20:36:00.703Z",
        "dateUpdated": "2025-11-20T07:31:26.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-0118 (GCVE-0-2023-0118)

    Vulnerability from nvd – Published: 2023-09-20 13:39 – Updated: 2024-09-17 13:51
    VLAI
    Title
    Foreman: arbitrary code execution through templates
    Summary
    An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2023:4466 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:5979 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:5980 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:6818 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-0118 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2159291 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Satellite 6.11 for RHEL 7 Unaffected: 0:3.1.1.27-1.el7sat , < * (rpm)
        cpe:/a:redhat:satellite_capsule:6.11::el8
        cpe:/a:redhat:satellite_capsule:6.11::el7
        cpe:/a:redhat:satellite_utils:6.11::el8
        cpe:/a:redhat:satellite:6.11::el7
        cpe:/a:redhat:satellite_utils:6.11::el7
        cpe:/a:redhat:satellite:6.11::el8
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.11 for RHEL 8 Unaffected: 0:3.1.1.27-1.el8sat , < * (rpm)
        cpe:/a:redhat:satellite_capsule:6.11::el8
        cpe:/a:redhat:satellite_capsule:6.11::el7
        cpe:/a:redhat:satellite_utils:6.11::el8
        cpe:/a:redhat:satellite:6.11::el7
        cpe:/a:redhat:satellite_utils:6.11::el7
        cpe:/a:redhat:satellite:6.11::el8
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.12 for RHEL 8 Unaffected: 0:1.3.8-1.el8sat , < * (rpm)
        cpe:/a:redhat:satellite:6.12::el8
        cpe:/a:redhat:satellite_capsule:6.12::el8
        cpe:/a:redhat:satellite_utils:6.12::el8
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.13 for RHEL 8 Unaffected: 0:1.3.8-1.el8sat , < * (rpm)
        cpe:/a:redhat:satellite_capsule:6.13::el8
        cpe:/a:redhat:satellite_utils:6.13::el8
        cpe:/a:redhat:satellite_maintenance:6.13::el8
        cpe:/a:redhat:satellite:6.13::el8
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.14 for RHEL 8 Unaffected: 0:3.7.0.9-1.el8sat , < * (rpm)
        cpe:/a:redhat:satellite_maintenance:6.14::el8
        cpe:/a:redhat:satellite_utils:6.14::el8
        cpe:/a:redhat:satellite:6.14::el8
        cpe:/a:redhat:satellite_capsule:6.14::el8
    Create a notification for this product.
    Date Public
    2023-03-12 00:00
    Credits
    Red Hat would like to thank Andrew Danau (Onsec.io) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:02:43.821Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:4466",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4466"
              },
              {
                "name": "RHSA-2023:5979",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:5979"
              },
              {
                "name": "RHSA-2023:5980",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:5980"
              },
              {
                "name": "RHSA-2023:6818",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:6818"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-0118"
              },
              {
                "name": "RHBZ#2159291",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0118",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-07T18:09:30.819280Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T13:51:28.373Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/theforeman/foreman",
              "defaultStatus": "affected",
              "packageName": "foreman"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_capsule:6.11::el8",
                "cpe:/a:redhat:satellite_capsule:6.11::el7",
                "cpe:/a:redhat:satellite_utils:6.11::el8",
                "cpe:/a:redhat:satellite:6.11::el7",
                "cpe:/a:redhat:satellite_utils:6.11::el7",
                "cpe:/a:redhat:satellite:6.11::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.11 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1.27-1.el7sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_capsule:6.11::el8",
                "cpe:/a:redhat:satellite_capsule:6.11::el7",
                "cpe:/a:redhat:satellite_utils:6.11::el8",
                "cpe:/a:redhat:satellite:6.11::el7",
                "cpe:/a:redhat:satellite_utils:6.11::el7",
                "cpe:/a:redhat:satellite:6.11::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.11 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1.27-1.el7sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_capsule:6.11::el8",
                "cpe:/a:redhat:satellite_capsule:6.11::el7",
                "cpe:/a:redhat:satellite_utils:6.11::el8",
                "cpe:/a:redhat:satellite:6.11::el7",
                "cpe:/a:redhat:satellite_utils:6.11::el7",
                "cpe:/a:redhat:satellite:6.11::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.11 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1.27-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_capsule:6.11::el8",
                "cpe:/a:redhat:satellite_capsule:6.11::el7",
                "cpe:/a:redhat:satellite_utils:6.11::el8",
                "cpe:/a:redhat:satellite:6.11::el7",
                "cpe:/a:redhat:satellite_utils:6.11::el7",
                "cpe:/a:redhat:satellite:6.11::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.11 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1.27-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.12::el8",
                "cpe:/a:redhat:satellite_capsule:6.12::el8",
                "cpe:/a:redhat:satellite_utils:6.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-safemode",
              "product": "Red Hat Satellite 6.12 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.8-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_capsule:6.13::el8",
                "cpe:/a:redhat:satellite_utils:6.13::el8",
                "cpe:/a:redhat:satellite_maintenance:6.13::el8",
                "cpe:/a:redhat:satellite:6.13::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-safemode",
              "product": "Red Hat Satellite 6.13 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.8-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_maintenance:6.14::el8",
                "cpe:/a:redhat:satellite_utils:6.14::el8",
                "cpe:/a:redhat:satellite:6.14::el8",
                "cpe:/a:redhat:satellite_capsule:6.14::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.14 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.0.9-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_maintenance:6.14::el8",
                "cpe:/a:redhat:satellite_utils:6.14::el8",
                "cpe:/a:redhat:satellite:6.14::el8",
                "cpe:/a:redhat:satellite_capsule:6.14::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.14 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.0.9-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Andrew Danau (Onsec.io) for reporting this issue."
            }
          ],
          "datePublic": "2023-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T15:32:29.709Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:4466",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4466"
            },
            {
              "name": "RHSA-2023:5979",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:5979"
            },
            {
              "name": "RHSA-2023:5980",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:5980"
            },
            {
              "name": "RHSA-2023:6818",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:6818"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-0118"
            },
            {
              "name": "RHBZ#2159291",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2022-12-12T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-03-12T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman: arbitrary code execution through templates",
          "x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-0118",
        "datePublished": "2023-09-20T13:39:27.756Z",
        "dateReserved": "2023-01-09T13:21:05.016Z",
        "dateUpdated": "2024-09-17T13:51:28.373Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-6861 (GCVE-0-2024-6861)

    Vulnerability from cvelistv5 – Published: 2024-11-06 14:54 – Updated: 2025-11-20 07:31
    VLAI
    Title
    Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api
    Summary
    A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.3 (semver)
    Red Hat Red Hat Satellite 6.12 for RHEL 8 Unaffected: 0:3.3.0.17-1.el8sat , < * (rpm)
        cpe:/a:redhat:satellite_maintenance:6.12::el8
        cpe:/a:redhat:satellite_utils:6.12::el8
        cpe:/a:redhat:satellite_capsule:6.12::el8
        cpe:/a:redhat:satellite:6.12::el8
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Date Public
    2024-10-09 00:42
    Credits
    Red Hat would like to thank Sébastien Vecten for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6861",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T16:16:00.977132Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:16:15.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://theforeman.org/",
              "defaultStatus": "unaffected",
              "packageName": "foreman",
              "versions": [
                {
                  "lessThan": "3.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_maintenance:6.12::el8",
                "cpe:/a:redhat:satellite_utils:6.12::el8",
                "cpe:/a:redhat:satellite_capsule:6.12::el8",
                "cpe:/a:redhat:satellite:6.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.12 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.0.17-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "satellite-capsule:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "satellite:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "satellite-utils:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank S\u00e9bastien Vecten for reporting this issue."
            }
          ],
          "datePublic": "2024-10-09T00:42:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product\u0027s API."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T07:31:26.304Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2022:8506",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2022:8506"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-6861"
            },
            {
              "name": "RHBZ#2317450",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317450"
            },
            {
              "url": "https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2"
            },
            {
              "url": "https://projects.theforeman.org/issues/34328"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-04T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-10-09T00:42:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue the GraphQL introspection feature must be disabled or the GraphQL API be disabled entirely.\n\nMalicious requests can also be filtered using a reverse proxy or directly in the web server configuration."
            }
          ],
          "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-6861",
        "datePublished": "2024-11-06T14:54:51.099Z",
        "dateReserved": "2024-07-17T20:36:00.703Z",
        "dateUpdated": "2025-11-20T07:31:26.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-0118 (GCVE-0-2023-0118)

    Vulnerability from cvelistv5 – Published: 2023-09-20 13:39 – Updated: 2024-09-17 13:51
    VLAI
    Title
    Foreman: arbitrary code execution through templates
    Summary
    An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2023:4466 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:5979 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:5980 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2023:6818 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-0118 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2159291 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Satellite 6.11 for RHEL 7 Unaffected: 0:3.1.1.27-1.el7sat , < * (rpm)
        cpe:/a:redhat:satellite_capsule:6.11::el8
        cpe:/a:redhat:satellite_capsule:6.11::el7
        cpe:/a:redhat:satellite_utils:6.11::el8
        cpe:/a:redhat:satellite:6.11::el7
        cpe:/a:redhat:satellite_utils:6.11::el7
        cpe:/a:redhat:satellite:6.11::el8
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.11 for RHEL 8 Unaffected: 0:3.1.1.27-1.el8sat , < * (rpm)
        cpe:/a:redhat:satellite_capsule:6.11::el8
        cpe:/a:redhat:satellite_capsule:6.11::el7
        cpe:/a:redhat:satellite_utils:6.11::el8
        cpe:/a:redhat:satellite:6.11::el7
        cpe:/a:redhat:satellite_utils:6.11::el7
        cpe:/a:redhat:satellite:6.11::el8
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.12 for RHEL 8 Unaffected: 0:1.3.8-1.el8sat , < * (rpm)
        cpe:/a:redhat:satellite:6.12::el8
        cpe:/a:redhat:satellite_capsule:6.12::el8
        cpe:/a:redhat:satellite_utils:6.12::el8
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.13 for RHEL 8 Unaffected: 0:1.3.8-1.el8sat , < * (rpm)
        cpe:/a:redhat:satellite_capsule:6.13::el8
        cpe:/a:redhat:satellite_utils:6.13::el8
        cpe:/a:redhat:satellite_maintenance:6.13::el8
        cpe:/a:redhat:satellite:6.13::el8
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.14 for RHEL 8 Unaffected: 0:3.7.0.9-1.el8sat , < * (rpm)
        cpe:/a:redhat:satellite_maintenance:6.14::el8
        cpe:/a:redhat:satellite_utils:6.14::el8
        cpe:/a:redhat:satellite:6.14::el8
        cpe:/a:redhat:satellite_capsule:6.14::el8
    Create a notification for this product.
    Date Public
    2023-03-12 00:00
    Credits
    Red Hat would like to thank Andrew Danau (Onsec.io) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:02:43.821Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:4466",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4466"
              },
              {
                "name": "RHSA-2023:5979",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:5979"
              },
              {
                "name": "RHSA-2023:5980",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:5980"
              },
              {
                "name": "RHSA-2023:6818",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:6818"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-0118"
              },
              {
                "name": "RHBZ#2159291",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0118",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-07T18:09:30.819280Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T13:51:28.373Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/theforeman/foreman",
              "defaultStatus": "affected",
              "packageName": "foreman"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_capsule:6.11::el8",
                "cpe:/a:redhat:satellite_capsule:6.11::el7",
                "cpe:/a:redhat:satellite_utils:6.11::el8",
                "cpe:/a:redhat:satellite:6.11::el7",
                "cpe:/a:redhat:satellite_utils:6.11::el7",
                "cpe:/a:redhat:satellite:6.11::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.11 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1.27-1.el7sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_capsule:6.11::el8",
                "cpe:/a:redhat:satellite_capsule:6.11::el7",
                "cpe:/a:redhat:satellite_utils:6.11::el8",
                "cpe:/a:redhat:satellite:6.11::el7",
                "cpe:/a:redhat:satellite_utils:6.11::el7",
                "cpe:/a:redhat:satellite:6.11::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.11 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1.27-1.el7sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_capsule:6.11::el8",
                "cpe:/a:redhat:satellite_capsule:6.11::el7",
                "cpe:/a:redhat:satellite_utils:6.11::el8",
                "cpe:/a:redhat:satellite:6.11::el7",
                "cpe:/a:redhat:satellite_utils:6.11::el7",
                "cpe:/a:redhat:satellite:6.11::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.11 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1.27-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_capsule:6.11::el8",
                "cpe:/a:redhat:satellite_capsule:6.11::el7",
                "cpe:/a:redhat:satellite_utils:6.11::el8",
                "cpe:/a:redhat:satellite:6.11::el7",
                "cpe:/a:redhat:satellite_utils:6.11::el7",
                "cpe:/a:redhat:satellite:6.11::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.11 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1.27-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.12::el8",
                "cpe:/a:redhat:satellite_capsule:6.12::el8",
                "cpe:/a:redhat:satellite_utils:6.12::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-safemode",
              "product": "Red Hat Satellite 6.12 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.8-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_capsule:6.13::el8",
                "cpe:/a:redhat:satellite_utils:6.13::el8",
                "cpe:/a:redhat:satellite_maintenance:6.13::el8",
                "cpe:/a:redhat:satellite:6.13::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rubygem-safemode",
              "product": "Red Hat Satellite 6.13 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.8-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_maintenance:6.14::el8",
                "cpe:/a:redhat:satellite_utils:6.14::el8",
                "cpe:/a:redhat:satellite:6.14::el8",
                "cpe:/a:redhat:satellite_capsule:6.14::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.14 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.0.9-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite_maintenance:6.14::el8",
                "cpe:/a:redhat:satellite_utils:6.14::el8",
                "cpe:/a:redhat:satellite:6.14::el8",
                "cpe:/a:redhat:satellite_capsule:6.14::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.14 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.0.9-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Andrew Danau (Onsec.io) for reporting this issue."
            }
          ],
          "datePublic": "2023-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T15:32:29.709Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:4466",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4466"
            },
            {
              "name": "RHSA-2023:5979",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:5979"
            },
            {
              "name": "RHSA-2023:5980",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:5980"
            },
            {
              "name": "RHSA-2023:6818",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:6818"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-0118"
            },
            {
              "name": "RHBZ#2159291",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2022-12-12T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-03-12T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman: arbitrary code execution through templates",
          "x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-0118",
        "datePublished": "2023-09-20T13:39:27.756Z",
        "dateReserved": "2023-01-09T13:21:05.016Z",
        "dateUpdated": "2024-09-17T13:51:28.373Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }