Bug 2162972 - Satellite/Foreman: Arbitrary code execution via Provisioning Settings
Summary: Satellite/Foreman: Arbitrary code execution via Provisioning Settings
Keywords:
Status: CLOSED DUPLICATE of bug 2140577
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2162974 2163695
Blocks: 2162363
Reported: 2023-01-22 14:02 UTC by ybuenos
Modified: 2023-10-19 12:40 UTC
CC List: 13 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2023-01-24 09:41:49 UTC
Embargoed:



Description ybuenos 2023-01-22 14:02:57 UTC
By editing the CoreOS Transpiler Command in Provisioning Settings with "/bin/bash,/dev/stdin" value, and filling a template body within the template renderer with a command payload, an attacker with admin privileges on the foreman instance can execute arbitrary code on the underlying operating system.

Comment 3 ybuenos 2023-01-24 09:41:49 UTC

*** This bug has been marked as a duplicate of bug 2140577 ***

