Os command injection via ct_command and fcct_command
CVE-2022-3874

8HIGH

Key Information:

Vendor: Red Hat
Status: Foreman; Red Hat Satellite 6
Vendor: CVE Published:; 22 September 2023

Summary

A command injection vulnerability has been identified in Foreman, enabling an authenticated user with admin privileges to execute arbitrary commands through CoreOS and Fedora CoreOS templates. This issue can potentially compromise the underlying operating system, making it crucial for administrators to apply necessary updates and mitigate risks associated with this flaw.

References

https://access.redhat.com/security/cve/CVE-2022-3874

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2140577

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 22, 2023
Vulnerability Reserved
Nov 7, 2022

Collectors

NVD DatabaseMitre Database

Credit

This issue was discovered by Andrew Danau (Onsec.io) and Evgeni Golov (Red Hat).