A vulnerability was discovered in the Foreman Remote Execution feature, allowing an unauthorized remote attacker to perform arbitrary code execution on managed hosts. The issue affects the component smart_proxy_dynflow 0.1.8 and later (Foreman >= 1.15, Satellite >= 6.3)
Disable Smart Proxy Dynflow by setting the :enabled: option to false in the /etc/foreman-proxy/settings.d/dynflow.yml file.
Name: Ivan Necas (Red Hat)
This issue has been addressed in the following products:
Red Hat Satellite 6.3 for RHEL 7
Via RHSA-2018:2733 https://access.redhat.com/errata/RHSA-2018:2733
Is there an upstream fix?