Bug 2351092 (CVE-2025-2157)

Summary: CVE-2025-2157 foreman: Disclosure of Executed Commands and Outputs in Foreman / Red Hat Satellite
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW ---
QA Contact:
Severity: low
Docs Contact:
Priority: low
Version: unspecified
CC: ehelms, ggainey, juwatts, mhulan, nmoumoul, pcreech, rchan, security-response-team, smallamp
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited effectively.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-03-10 12:24:32 UTC
A flaw was found in Foreman / Red Hat Satellite, where temporary files created under /var/tmp during job execution have improper permissions. This allows low-privileged OS users to access and read command execution outputs, potentially exposing sensitive information such as system credentials or configuration details before the temporary files are deleted. This vulnerability does not grant direct privilege escalation but increases the risk of information disclosure, which could be leveraged in further attacks.
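The defensive pattern the description implies, as an added Ruby example that is not Foreman's or Satellite's own code: a job-output file is created atomically (O_EXCL) with owner-only permissions and pinned with an explicit chmod, and a small audit helper lists files in a directory that group or other users could read, which is the condition that exposed command outputs here. The function names, the `job-output-` prefix and the sample contents are constructed for this illustration.

```ruby
require 'securerandom'
require 'tmpdir'

# Hypothetical helper (not Foreman code): create a temp file for command
# output that only the owning user can read, and return its path.
# O_EXCL makes the open fail if the name already exists, so another local
# user cannot pre-create the file; perm 0600 cannot be widened by umask, and
# the explicit chmod pins the mode even if a later step loosens umask.
def create_private_output_file(dir, prefix: 'job-output-')
  path = File.join(dir, "#{prefix}#{SecureRandom.hex(8)}.log")
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0600) do |f|
    f.chmod(0600)
    yield f if block_given?
  end
  path
end

# Audit helper: return the regular files directly under `dir` whose mode
# grants read access to group or others (the bits 0o040 and 0o004).
def world_or_group_readable_files(dir)
  Dir.children(dir).map { |name| File.join(dir, name) }.select do |p|
    File.file?(p) && (File.stat(p).mode & 0o044) != 0
  end
end

# Demo on a constructed directory: one private output file beside one file
# deliberately left group/world-readable, as a leaky job runner would.
def demo
  Dir.mktmpdir do |d|
    create_private_output_file(d) { |f| f.puts 'constructed sample output' }
    leaky = File.join(d, 'leaky.log')
    File.write(leaky, 'constructed leaky output')
    File.chmod(0644, leaky)
    return world_or_group_readable_files(d).map { |p| File.basename(p) }
  end
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME  # => ["leaky.log"]
```

The audit helper is the check a defender can run periodically against /var/tmp (or wherever a job runner spools output) to catch regressions of this kind; any hit means the output is readable by users other than the file owner.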