Search
Find a vulnerability
Search criteria
4 vulnerabilities found for Red Hat Satellite 6.12 for RHEL 8 by Red Hat
CVE-2024-6861 (GCVE-0-2024-6861)
Vulnerability from nvd – Published: 2024-11-06 14:54 – Updated: 2025-11-20 07:31
VLAI
Title
Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api
Summary
A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2022:8506 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2024-6861 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2317450 | issue-trackingx_refsource_REDHAT |
| https://docs.theforeman.org/3.3/Release_Notes/ind… | |
| https://projects.theforeman.org/issues/34328 |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 3.3
(semver)
|
|||
| Red Hat | Red Hat Satellite 6.12 for RHEL 8 |
Unaffected:
0:3.3.0.17-1.el8sat , < *
(rpm)
cpe:/a:redhat:satellite_maintenance:6.12::el8 cpe:/a:redhat:satellite_utils:6.12::el8 cpe:/a:redhat:satellite_capsule:6.12::el8 cpe:/a:redhat:satellite:6.12::el8 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
Date Public
2024-10-09 00:42
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T16:16:00.977132Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:16:15.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://theforeman.org/",
"defaultStatus": "unaffected",
"packageName": "foreman",
"versions": [
{
"lessThan": "3.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_maintenance:6.12::el8",
"cpe:/a:redhat:satellite_utils:6.12::el8",
"cpe:/a:redhat:satellite_capsule:6.12::el8",
"cpe:/a:redhat:satellite:6.12::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.12 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.0.17-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "unaffected",
"packageName": "satellite-capsule:el8/foreman",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "unaffected",
"packageName": "satellite:el8/foreman",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "unaffected",
"packageName": "satellite-utils:el8/foreman",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank S\u00e9bastien Vecten for reporting this issue."
}
],
"datePublic": "2024-10-09T00:42:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product\u0027s API."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T07:31:26.304Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2022:8506",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2022:8506"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-6861"
},
{
"name": "RHBZ#2317450",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317450"
},
{
"url": "https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2"
},
{
"url": "https://projects.theforeman.org/issues/34328"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-04T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-10-09T00:42:00.000Z",
"value": "Made public."
}
],
"title": "Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue the GraphQL introspection feature must be disabled or the GraphQL API be disabled entirely.\n\nMalicious requests can also be filtered using a reverse proxy or directly in the web server configuration."
}
],
"x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-6861",
"datePublished": "2024-11-06T14:54:51.099Z",
"dateReserved": "2024-07-17T20:36:00.703Z",
"dateUpdated": "2025-11-20T07:31:26.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-0118 (GCVE-0-2023-0118)
Vulnerability from nvd – Published: 2023-09-20 13:39 – Updated: 2024-09-17 13:51
VLAI
Title
Foreman: arbitrary code execution through templates
Summary
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2023:4466 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2023:5979 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2023:5980 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2023:6818 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2023-0118 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2159291 | issue-trackingx_refsource_REDHAT |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Satellite 6.11 for RHEL 7 |
Unaffected:
0:3.1.1.27-1.el7sat , < *
(rpm)
cpe:/a:redhat:satellite_capsule:6.11::el8 cpe:/a:redhat:satellite_capsule:6.11::el7 cpe:/a:redhat:satellite_utils:6.11::el8 cpe:/a:redhat:satellite:6.11::el7 cpe:/a:redhat:satellite_utils:6.11::el7 cpe:/a:redhat:satellite:6.11::el8 |
|
| Red Hat | Red Hat Satellite 6.11 for RHEL 8 |
Unaffected:
0:3.1.1.27-1.el8sat , < *
(rpm)
cpe:/a:redhat:satellite_capsule:6.11::el8 cpe:/a:redhat:satellite_capsule:6.11::el7 cpe:/a:redhat:satellite_utils:6.11::el8 cpe:/a:redhat:satellite:6.11::el7 cpe:/a:redhat:satellite_utils:6.11::el7 cpe:/a:redhat:satellite:6.11::el8 |
|
| Red Hat | Red Hat Satellite 6.12 for RHEL 8 |
Unaffected:
0:1.3.8-1.el8sat , < *
(rpm)
cpe:/a:redhat:satellite:6.12::el8 cpe:/a:redhat:satellite_capsule:6.12::el8 cpe:/a:redhat:satellite_utils:6.12::el8 |
|
| Red Hat | Red Hat Satellite 6.13 for RHEL 8 |
Unaffected:
0:1.3.8-1.el8sat , < *
(rpm)
cpe:/a:redhat:satellite_capsule:6.13::el8 cpe:/a:redhat:satellite_utils:6.13::el8 cpe:/a:redhat:satellite_maintenance:6.13::el8 cpe:/a:redhat:satellite:6.13::el8 |
|
| Red Hat | Red Hat Satellite 6.14 for RHEL 8 |
Unaffected:
0:3.7.0.9-1.el8sat , < *
(rpm)
cpe:/a:redhat:satellite_maintenance:6.14::el8 cpe:/a:redhat:satellite_utils:6.14::el8 cpe:/a:redhat:satellite:6.14::el8 cpe:/a:redhat:satellite_capsule:6.14::el8 |
Date Public
2023-03-12 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:43.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:4466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4466"
},
{
"name": "RHSA-2023:5979",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5979"
},
{
"name": "RHSA-2023:5980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5980"
},
{
"name": "RHSA-2023:6818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6818"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-0118"
},
{
"name": "RHBZ#2159291",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T18:09:30.819280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:51:28.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/theforeman/foreman",
"defaultStatus": "affected",
"packageName": "foreman"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.11::el8",
"cpe:/a:redhat:satellite_capsule:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el8",
"cpe:/a:redhat:satellite:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el7",
"cpe:/a:redhat:satellite:6.11::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.11 for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.1.27-1.el7sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.11::el8",
"cpe:/a:redhat:satellite_capsule:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el8",
"cpe:/a:redhat:satellite:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el7",
"cpe:/a:redhat:satellite:6.11::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.11 for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.1.27-1.el7sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.11::el8",
"cpe:/a:redhat:satellite_capsule:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el8",
"cpe:/a:redhat:satellite:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el7",
"cpe:/a:redhat:satellite:6.11::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.11 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.1.27-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.11::el8",
"cpe:/a:redhat:satellite_capsule:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el8",
"cpe:/a:redhat:satellite:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el7",
"cpe:/a:redhat:satellite:6.11::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.11 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.1.27-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6.12::el8",
"cpe:/a:redhat:satellite_capsule:6.12::el8",
"cpe:/a:redhat:satellite_utils:6.12::el8"
],
"defaultStatus": "affected",
"packageName": "rubygem-safemode",
"product": "Red Hat Satellite 6.12 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.8-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.13::el8",
"cpe:/a:redhat:satellite_utils:6.13::el8",
"cpe:/a:redhat:satellite_maintenance:6.13::el8",
"cpe:/a:redhat:satellite:6.13::el8"
],
"defaultStatus": "affected",
"packageName": "rubygem-safemode",
"product": "Red Hat Satellite 6.13 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.8-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_maintenance:6.14::el8",
"cpe:/a:redhat:satellite_utils:6.14::el8",
"cpe:/a:redhat:satellite:6.14::el8",
"cpe:/a:redhat:satellite_capsule:6.14::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.14 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.7.0.9-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_maintenance:6.14::el8",
"cpe:/a:redhat:satellite_utils:6.14::el8",
"cpe:/a:redhat:satellite:6.14::el8",
"cpe:/a:redhat:satellite_capsule:6.14::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.14 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.7.0.9-1.el8sat",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Andrew Danau (Onsec.io) for reporting this issue."
}
],
"datePublic": "2023-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T15:32:29.709Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:4466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4466"
},
{
"name": "RHSA-2023:5979",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5979"
},
{
"name": "RHSA-2023:5980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5980"
},
{
"name": "RHSA-2023:6818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6818"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-0118"
},
{
"name": "RHBZ#2159291",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-12T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-03-12T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Foreman: arbitrary code execution through templates",
"x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-0118",
"datePublished": "2023-09-20T13:39:27.756Z",
"dateReserved": "2023-01-09T13:21:05.016Z",
"dateUpdated": "2024-09-17T13:51:28.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6861 (GCVE-0-2024-6861)
Vulnerability from cvelistv5 – Published: 2024-11-06 14:54 – Updated: 2025-11-20 07:31
VLAI
Title
Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api
Summary
A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2022:8506 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2024-6861 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2317450 | issue-trackingx_refsource_REDHAT |
| https://docs.theforeman.org/3.3/Release_Notes/ind… | |
| https://projects.theforeman.org/issues/34328 |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 3.3
(semver)
|
|||
| Red Hat | Red Hat Satellite 6.12 for RHEL 8 |
Unaffected:
0:3.3.0.17-1.el8sat , < *
(rpm)
cpe:/a:redhat:satellite_maintenance:6.12::el8 cpe:/a:redhat:satellite_utils:6.12::el8 cpe:/a:redhat:satellite_capsule:6.12::el8 cpe:/a:redhat:satellite:6.12::el8 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
Date Public
2024-10-09 00:42
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T16:16:00.977132Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:16:15.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://theforeman.org/",
"defaultStatus": "unaffected",
"packageName": "foreman",
"versions": [
{
"lessThan": "3.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_maintenance:6.12::el8",
"cpe:/a:redhat:satellite_utils:6.12::el8",
"cpe:/a:redhat:satellite_capsule:6.12::el8",
"cpe:/a:redhat:satellite:6.12::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.12 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.0.17-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "unaffected",
"packageName": "satellite-capsule:el8/foreman",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "unaffected",
"packageName": "satellite:el8/foreman",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "unaffected",
"packageName": "satellite-utils:el8/foreman",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank S\u00e9bastien Vecten for reporting this issue."
}
],
"datePublic": "2024-10-09T00:42:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product\u0027s API."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T07:31:26.304Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2022:8506",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2022:8506"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-6861"
},
{
"name": "RHBZ#2317450",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317450"
},
{
"url": "https://docs.theforeman.org/3.3/Release_Notes/index-katello.html#_foreman_2"
},
{
"url": "https://projects.theforeman.org/issues/34328"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-04T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-10-09T00:42:00.000Z",
"value": "Made public."
}
],
"title": "Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue the GraphQL introspection feature must be disabled or the GraphQL API be disabled entirely.\n\nMalicious requests can also be filtered using a reverse proxy or directly in the web server configuration."
}
],
"x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-6861",
"datePublished": "2024-11-06T14:54:51.099Z",
"dateReserved": "2024-07-17T20:36:00.703Z",
"dateUpdated": "2025-11-20T07:31:26.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-0118 (GCVE-0-2023-0118)
Vulnerability from cvelistv5 – Published: 2023-09-20 13:39 – Updated: 2024-09-17 13:51
VLAI
Title
Foreman: arbitrary code execution through templates
Summary
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2023:4466 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2023:5979 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2023:5980 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2023:6818 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2023-0118 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2159291 | issue-trackingx_refsource_REDHAT |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Satellite 6.11 for RHEL 7 |
Unaffected:
0:3.1.1.27-1.el7sat , < *
(rpm)
cpe:/a:redhat:satellite_capsule:6.11::el8 cpe:/a:redhat:satellite_capsule:6.11::el7 cpe:/a:redhat:satellite_utils:6.11::el8 cpe:/a:redhat:satellite:6.11::el7 cpe:/a:redhat:satellite_utils:6.11::el7 cpe:/a:redhat:satellite:6.11::el8 |
|
| Red Hat | Red Hat Satellite 6.11 for RHEL 8 |
Unaffected:
0:3.1.1.27-1.el8sat , < *
(rpm)
cpe:/a:redhat:satellite_capsule:6.11::el8 cpe:/a:redhat:satellite_capsule:6.11::el7 cpe:/a:redhat:satellite_utils:6.11::el8 cpe:/a:redhat:satellite:6.11::el7 cpe:/a:redhat:satellite_utils:6.11::el7 cpe:/a:redhat:satellite:6.11::el8 |
|
| Red Hat | Red Hat Satellite 6.12 for RHEL 8 |
Unaffected:
0:1.3.8-1.el8sat , < *
(rpm)
cpe:/a:redhat:satellite:6.12::el8 cpe:/a:redhat:satellite_capsule:6.12::el8 cpe:/a:redhat:satellite_utils:6.12::el8 |
|
| Red Hat | Red Hat Satellite 6.13 for RHEL 8 |
Unaffected:
0:1.3.8-1.el8sat , < *
(rpm)
cpe:/a:redhat:satellite_capsule:6.13::el8 cpe:/a:redhat:satellite_utils:6.13::el8 cpe:/a:redhat:satellite_maintenance:6.13::el8 cpe:/a:redhat:satellite:6.13::el8 |
|
| Red Hat | Red Hat Satellite 6.14 for RHEL 8 |
Unaffected:
0:3.7.0.9-1.el8sat , < *
(rpm)
cpe:/a:redhat:satellite_maintenance:6.14::el8 cpe:/a:redhat:satellite_utils:6.14::el8 cpe:/a:redhat:satellite:6.14::el8 cpe:/a:redhat:satellite_capsule:6.14::el8 |
Date Public
2023-03-12 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:43.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:4466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4466"
},
{
"name": "RHSA-2023:5979",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5979"
},
{
"name": "RHSA-2023:5980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5980"
},
{
"name": "RHSA-2023:6818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6818"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-0118"
},
{
"name": "RHBZ#2159291",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T18:09:30.819280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:51:28.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/theforeman/foreman",
"defaultStatus": "affected",
"packageName": "foreman"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.11::el8",
"cpe:/a:redhat:satellite_capsule:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el8",
"cpe:/a:redhat:satellite:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el7",
"cpe:/a:redhat:satellite:6.11::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.11 for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.1.27-1.el7sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.11::el8",
"cpe:/a:redhat:satellite_capsule:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el8",
"cpe:/a:redhat:satellite:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el7",
"cpe:/a:redhat:satellite:6.11::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.11 for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.1.27-1.el7sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.11::el8",
"cpe:/a:redhat:satellite_capsule:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el8",
"cpe:/a:redhat:satellite:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el7",
"cpe:/a:redhat:satellite:6.11::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.11 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.1.27-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.11::el8",
"cpe:/a:redhat:satellite_capsule:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el8",
"cpe:/a:redhat:satellite:6.11::el7",
"cpe:/a:redhat:satellite_utils:6.11::el7",
"cpe:/a:redhat:satellite:6.11::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.11 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.1.27-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6.12::el8",
"cpe:/a:redhat:satellite_capsule:6.12::el8",
"cpe:/a:redhat:satellite_utils:6.12::el8"
],
"defaultStatus": "affected",
"packageName": "rubygem-safemode",
"product": "Red Hat Satellite 6.12 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.8-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.13::el8",
"cpe:/a:redhat:satellite_utils:6.13::el8",
"cpe:/a:redhat:satellite_maintenance:6.13::el8",
"cpe:/a:redhat:satellite:6.13::el8"
],
"defaultStatus": "affected",
"packageName": "rubygem-safemode",
"product": "Red Hat Satellite 6.13 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.8-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_maintenance:6.14::el8",
"cpe:/a:redhat:satellite_utils:6.14::el8",
"cpe:/a:redhat:satellite:6.14::el8",
"cpe:/a:redhat:satellite_capsule:6.14::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.14 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.7.0.9-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_maintenance:6.14::el8",
"cpe:/a:redhat:satellite_utils:6.14::el8",
"cpe:/a:redhat:satellite:6.14::el8",
"cpe:/a:redhat:satellite_capsule:6.14::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.14 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.7.0.9-1.el8sat",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Andrew Danau (Onsec.io) for reporting this issue."
}
],
"datePublic": "2023-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T15:32:29.709Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:4466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4466"
},
{
"name": "RHSA-2023:5979",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5979"
},
{
"name": "RHSA-2023:5980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5980"
},
{
"name": "RHSA-2023:6818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6818"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-0118"
},
{
"name": "RHBZ#2159291",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-12T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-03-12T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Foreman: arbitrary code execution through templates",
"x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-0118",
"datePublished": "2023-09-20T13:39:27.756Z",
"dateReserved": "2023-01-09T13:21:05.016Z",
"dateUpdated": "2024-09-17T13:51:28.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}