Multiple vulnerabilities in Red Hat Satellite



| Updated: 2024-12-06
Risk High
Patch available YES
Number of vulnerabilities 12
CVE-ID CVE-2022-1292
CVE-2022-2068
CVE-2022-24439
CVE-2022-46648
CVE-2022-47318
CVE-2023-31047
CVE-2023-36053
CVE-2023-39325
CVE-2023-40267
CVE-2023-44487
CVE-2022-3874
CVE-2023-0462
CWE-ID CWE-78
CWE-94
CWE-434
CWE-1333
CWE-400
CWE-20
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerability #10 is being exploited in the wild.
Vulnerable software
Red Hat Satellite
Server applications / Other server solutions

Red Hat Enterprise Linux for x86_64
Operating systems & Components / Operating system

yggdrasil-worker-forwarder (Red Hat package)
Operating systems & Components / Operating system package or component

satellite (Red Hat package)
Operating systems & Components / Operating system package or component

rubygem-katello (Red Hat package)
Operating systems & Components / Operating system package or component

rubygem-git (Red Hat package)
Operating systems & Components / Operating system package or component

rubygem-foreman_theme_satellite (Red Hat package)
Operating systems & Components / Operating system package or component

rubygem-foreman_rh_cloud (Red Hat package)
Operating systems & Components / Operating system package or component

rubygem-foreman_maintain (Red Hat package)
Operating systems & Components / Operating system package or component

python-pulpcore (Red Hat package)
Operating systems & Components / Operating system package or component

python-gitpython (Red Hat package)
Operating systems & Components / Operating system package or component

python-django (Red Hat package)
Operating systems & Components / Operating system package or component

puppet-agent (Red Hat package)
Operating systems & Components / Operating system package or component

pulpcore-selinux (Red Hat package)
Operating systems & Components / Operating system package or component

foreman-installer (Red Hat package)
Operating systems & Components / Operating system package or component

foreman (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) OS Command Injection

EUVDB-ID: #VU62765

Risk: Medium

CVSSv4.0: 8.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2022-1292

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Satellite: 6.13 - 6.13.4

Red Hat Enterprise Linux for x86_64: 8.0

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

satellite (Red Hat package): before 6.13.5-1.el8sat

rubygem-katello (Red Hat package): before 4.7.0.33-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

rubygem-foreman_theme_satellite (Red Hat package): before 11.0.0.6-1.el8sat

rubygem-foreman_rh_cloud (Red Hat package): before 7.0.48-1.el8sat

rubygem-foreman_maintain (Red Hat package): before 1.2.12-1.el8sat

python-pulpcore (Red Hat package): before 3.21.18-1.el8pc

python-gitpython (Red Hat package): before 3.1.32-1.el8pc

python-django (Red Hat package): before 3.2.21-1.el8pc

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

pulpcore-selinux (Red Hat package): before 1.3.3-1.el8pc

foreman-installer (Red Hat package): before 3.5.2.4-1.el8sat

foreman (Red Hat package): before 3.5.1.23-1.el8sat

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:5931


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) OS Command Injection

EUVDB-ID: #VU64559

Risk: Medium

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-2068

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.

The vulnerability exists due to incomplete fix for #VU62765 (CVE-2022-1292).

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Satellite: 6.13 - 6.13.4

Red Hat Enterprise Linux for x86_64: 8.0

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

satellite (Red Hat package): before 6.13.5-1.el8sat

rubygem-katello (Red Hat package): before 4.7.0.33-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

rubygem-foreman_theme_satellite (Red Hat package): before 11.0.0.6-1.el8sat

rubygem-foreman_rh_cloud (Red Hat package): before 7.0.48-1.el8sat

rubygem-foreman_maintain (Red Hat package): before 1.2.12-1.el8sat

python-pulpcore (Red Hat package): before 3.21.18-1.el8pc

python-gitpython (Red Hat package): before 3.1.32-1.el8pc

python-django (Red Hat package): before 3.2.21-1.el8pc

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

pulpcore-selinux (Red Hat package): before 1.3.3-1.el8pc

foreman-installer (Red Hat package): before 3.5.2.4-1.el8sat

foreman (Red Hat package): before 3.5.1.23-1.el8sat

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:5931


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Code Injection

EUVDB-ID: #VU79630

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-24439

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when handling URL. A remote unauthenticated attacker can pass specially crafted data to the application and inject a maliciously crafted remote URL into the clone command.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Satellite: 6.13 - 6.13.4

Red Hat Enterprise Linux for x86_64: 8.0

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

satellite (Red Hat package): before 6.13.5-1.el8sat

rubygem-katello (Red Hat package): before 4.7.0.33-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

rubygem-foreman_theme_satellite (Red Hat package): before 11.0.0.6-1.el8sat

rubygem-foreman_rh_cloud (Red Hat package): before 7.0.48-1.el8sat

rubygem-foreman_maintain (Red Hat package): before 1.2.12-1.el8sat

python-pulpcore (Red Hat package): before 3.21.18-1.el8pc

python-gitpython (Red Hat package): before 3.1.32-1.el8pc

python-django (Red Hat package): before 3.2.21-1.el8pc

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

pulpcore-selinux (Red Hat package): before 1.3.3-1.el8pc

foreman-installer (Red Hat package): before 3.5.2.4-1.el8sat

foreman (Red Hat package): before 3.5.1.23-1.el8sat

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:5931


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Code Injection

EUVDB-ID: #VU70699

Risk: Medium

CVSSv4.0: 5.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-46648

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote user can use a specially crafted filename and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Satellite: 6.13 - 6.13.4

Red Hat Enterprise Linux for x86_64: 8.0

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

satellite (Red Hat package): before 6.13.5-1.el8sat

rubygem-katello (Red Hat package): before 4.7.0.33-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

rubygem-foreman_theme_satellite (Red Hat package): before 11.0.0.6-1.el8sat

rubygem-foreman_rh_cloud (Red Hat package): before 7.0.48-1.el8sat

rubygem-foreman_maintain (Red Hat package): before 1.2.12-1.el8sat

python-pulpcore (Red Hat package): before 3.21.18-1.el8pc

python-gitpython (Red Hat package): before 3.1.32-1.el8pc

python-django (Red Hat package): before 3.2.21-1.el8pc

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

pulpcore-selinux (Red Hat package): before 1.3.3-1.el8pc

foreman-installer (Red Hat package): before 3.5.2.4-1.el8sat

foreman (Red Hat package): before 3.5.1.23-1.el8sat

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:5931


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Code Injection

EUVDB-ID: #VU70700

Risk: Medium

CVSSv4.0: 5.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-47318

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote user can use a specially crafted filename and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Satellite: 6.13 - 6.13.4

Red Hat Enterprise Linux for x86_64: 8.0

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

satellite (Red Hat package): before 6.13.5-1.el8sat

rubygem-katello (Red Hat package): before 4.7.0.33-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

rubygem-foreman_theme_satellite (Red Hat package): before 11.0.0.6-1.el8sat

rubygem-foreman_rh_cloud (Red Hat package): before 7.0.48-1.el8sat

rubygem-foreman_maintain (Red Hat package): before 1.2.12-1.el8sat

python-pulpcore (Red Hat package): before 3.21.18-1.el8pc

python-gitpython (Red Hat package): before 3.1.32-1.el8pc

python-django (Red Hat package): before 3.2.21-1.el8pc

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

pulpcore-selinux (Red Hat package): before 1.3.3-1.el8pc

foreman-installer (Red Hat package): before 3.5.2.4-1.el8sat

foreman (Red Hat package): before 3.5.1.23-1.el8sat

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:5931


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Arbitrary file upload

EUVDB-ID: #VU75707

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-31047

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to the application does not perform validation of files when using one form field for uploading multiple files. A remote attacker can upload a malicious file and execute it on the server.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Satellite: 6.13 - 6.13.4

Red Hat Enterprise Linux for x86_64: 8.0

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

satellite (Red Hat package): before 6.13.5-1.el8sat

rubygem-katello (Red Hat package): before 4.7.0.33-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

rubygem-foreman_theme_satellite (Red Hat package): before 11.0.0.6-1.el8sat

rubygem-foreman_rh_cloud (Red Hat package): before 7.0.48-1.el8sat

rubygem-foreman_maintain (Red Hat package): before 1.2.12-1.el8sat

python-pulpcore (Red Hat package): before 3.21.18-1.el8pc

python-gitpython (Red Hat package): before 3.1.32-1.el8pc

python-django (Red Hat package): before 3.2.21-1.el8pc

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

pulpcore-selinux (Red Hat package): before 1.3.3-1.el8pc

foreman-installer (Red Hat package): before 3.5.2.4-1.el8sat

foreman (Red Hat package): before 3.5.1.23-1.el8sat

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:5931


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Inefficient regular expression complexity

EUVDB-ID: #VU77880

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-36053

CWE-ID: CWE-1333 - Inefficient Regular Expression Complexity

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions within EmailValidator and URLValidator. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Satellite: 6.13 - 6.13.4

Red Hat Enterprise Linux for x86_64: 8.0

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

satellite (Red Hat package): before 6.13.5-1.el8sat

rubygem-katello (Red Hat package): before 4.7.0.33-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

rubygem-foreman_theme_satellite (Red Hat package): before 11.0.0.6-1.el8sat

rubygem-foreman_rh_cloud (Red Hat package): before 7.0.48-1.el8sat

rubygem-foreman_maintain (Red Hat package): before 1.2.12-1.el8sat

python-pulpcore (Red Hat package): before 3.21.18-1.el8pc

python-gitpython (Red Hat package): before 3.1.32-1.el8pc

python-django (Red Hat package): before 3.2.21-1.el8pc

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

pulpcore-selinux (Red Hat package): before 1.3.3-1.el8pc

foreman-installer (Red Hat package): before 3.5.2.4-1.el8sat

foreman (Red Hat package): before 3.5.1.23-1.el8sat

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:5931


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource exhaustion

EUVDB-ID: #VU82064

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-39325

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive consumption of internal resources when handling HTTP/2 requests. A remote attacker can bypass the http2.Server.MaxConcurrentStreams setting by creating new connections while the current connections are still being processed, trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Satellite: 6.13 - 6.13.4

Red Hat Enterprise Linux for x86_64: 8.0

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

satellite (Red Hat package): before 6.13.5-1.el8sat

rubygem-katello (Red Hat package): before 4.7.0.33-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

rubygem-foreman_theme_satellite (Red Hat package): before 11.0.0.6-1.el8sat

rubygem-foreman_rh_cloud (Red Hat package): before 7.0.48-1.el8sat

rubygem-foreman_maintain (Red Hat package): before 1.2.12-1.el8sat

python-pulpcore (Red Hat package): before 3.21.18-1.el8pc

python-gitpython (Red Hat package): before 3.1.32-1.el8pc

python-django (Red Hat package): before 3.2.21-1.el8pc

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

pulpcore-selinux (Red Hat package): before 1.3.3-1.el8pc

foreman-installer (Red Hat package): before 3.5.2.4-1.el8sat

foreman (Red Hat package): before 3.5.1.23-1.el8sat

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:5931


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU79631

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-40267

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and compromise the affected system.

Note, the vulnerability exists due to incomplete fix for CVE-2022-24439.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Satellite: 6.13 - 6.13.4

Red Hat Enterprise Linux for x86_64: 8.0

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

satellite (Red Hat package): before 6.13.5-1.el8sat

rubygem-katello (Red Hat package): before 4.7.0.33-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

rubygem-foreman_theme_satellite (Red Hat package): before 11.0.0.6-1.el8sat

rubygem-foreman_rh_cloud (Red Hat package): before 7.0.48-1.el8sat

rubygem-foreman_maintain (Red Hat package): before 1.2.12-1.el8sat

python-pulpcore (Red Hat package): before 3.21.18-1.el8pc

python-gitpython (Red Hat package): before 3.1.32-1.el8pc

python-django (Red Hat package): before 3.2.21-1.el8pc

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

pulpcore-selinux (Red Hat package): before 1.3.3-1.el8pc

foreman-installer (Red Hat package): before 3.5.2.4-1.el8sat

foreman (Red Hat package): before 3.5.1.23-1.el8sat

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:5931


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Resource exhaustion

EUVDB-ID: #VU81728

Risk: High

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2023-44487

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improperly control of consumption for internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Satellite: 6.13 - 6.13.4

Red Hat Enterprise Linux for x86_64: 8.0

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

satellite (Red Hat package): before 6.13.5-1.el8sat

rubygem-katello (Red Hat package): before 4.7.0.33-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

rubygem-foreman_theme_satellite (Red Hat package): before 11.0.0.6-1.el8sat

rubygem-foreman_rh_cloud (Red Hat package): before 7.0.48-1.el8sat

rubygem-foreman_maintain (Red Hat package): before 1.2.12-1.el8sat

python-pulpcore (Red Hat package): before 3.21.18-1.el8pc

python-gitpython (Red Hat package): before 3.1.32-1.el8pc

python-django (Red Hat package): before 3.2.21-1.el8pc

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

pulpcore-selinux (Red Hat package): before 1.3.3-1.el8pc

foreman-installer (Red Hat package): before 3.5.2.4-1.el8sat

foreman (Red Hat package): before 3.5.1.23-1.el8sat

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:5931


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

11) OS Command Injection

EUVDB-ID: #VU82279

Risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3874

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when processing CoreOS and Fedora CoreOS configurations in templates in foreman. A remote user with administrative privileges can inject arbitrary OS commands into configuration templates and execute them on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Satellite: 6.13 - 6.13.4

Red Hat Enterprise Linux for x86_64: 8.0

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

satellite (Red Hat package): before 6.13.5-1.el8sat

rubygem-katello (Red Hat package): before 4.7.0.33-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

rubygem-foreman_theme_satellite (Red Hat package): before 11.0.0.6-1.el8sat

rubygem-foreman_rh_cloud (Red Hat package): before 7.0.48-1.el8sat

rubygem-foreman_maintain (Red Hat package): before 1.2.12-1.el8sat

python-pulpcore (Red Hat package): before 3.21.18-1.el8pc

python-gitpython (Red Hat package): before 3.1.32-1.el8pc

python-django (Red Hat package): before 3.2.21-1.el8pc

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

pulpcore-selinux (Red Hat package): before 1.3.3-1.el8pc

foreman-installer (Red Hat package): before 3.5.2.4-1.el8sat

foreman (Red Hat package): before 3.5.1.23-1.el8sat

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:5931


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Code Injection

EUVDB-ID: #VU82280

Risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-0462

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in Foreman component. A remote administrator can set global parameters with a YAML payload and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Satellite: 6.13 - 6.13.4

Red Hat Enterprise Linux for x86_64: 8.0

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

satellite (Red Hat package): before 6.13.5-1.el8sat

rubygem-katello (Red Hat package): before 4.7.0.33-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

rubygem-foreman_theme_satellite (Red Hat package): before 11.0.0.6-1.el8sat

rubygem-foreman_rh_cloud (Red Hat package): before 7.0.48-1.el8sat

rubygem-foreman_maintain (Red Hat package): before 1.2.12-1.el8sat

python-pulpcore (Red Hat package): before 3.21.18-1.el8pc

python-gitpython (Red Hat package): before 3.1.32-1.el8pc

python-django (Red Hat package): before 3.2.21-1.el8pc

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

pulpcore-selinux (Red Hat package): before 1.3.3-1.el8pc

foreman-installer (Red Hat package): before 3.5.2.4-1.el8sat

foreman (Red Hat package): before 3.5.1.23-1.el8sat

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2023:5931


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###