Bug 2140577 (CVE-2022-3874) - CVE-2022-3874 foreman: OS command injection via ct_command and fcct_command
Summary: CVE-2022-3874 foreman: OS command injection via ct_command and fcct_command
Keywords:
Status: NEW
Alias: CVE-2022-3874
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Duplicates: 2162972
Depends On: 2141267 2144841 2144846 2163694 2163695 2241804
Blocks: 2139519 2162363
Reported: 2022-11-07 10:02 UTC by ybuenos
Modified: 2023-12-31 12:50 UTC (History)
CC List: 14 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A command injection flaw was found in Foreman. The ct_command and fcct_command settings hold the commands used to transpile CoreOS and Fedora CoreOS configurations in templates; an authenticated user with admin privileges on the Foreman instance can change these settings, possibly resulting in arbitrary command execution on the underlying operating system.
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 36759 0 High Closed CVE-2022-3874: OS command injection via ct_command and fcct_command 2023-10-02 19:57:01 UTC
Red Hat Product Errata RHSA-2023:5931 0 None None None 2023-10-19 13:13:03 UTC
Red Hat Product Errata RHSA-2023:5979 0 None None None 2023-10-20 18:43:15 UTC
Red Hat Product Errata RHSA-2023:6818 0 None None None 2023-11-08 14:16:56 UTC

Description ybuenos 2022-11-07 10:02:17 UTC
In the Foreman component of Satellite, the ct_command and fcct_command settings allow authenticated users to execute arbitrary commands on the server. These commands are used to transpile CoreOS and Fedora CoreOS configurations in templates. Changing the command requires admin privileges on the Foreman instance.

Comment 3 ybuenos 2023-01-24 09:41:49 UTC
*** Bug 2162972 has been marked as a duplicate of this bug. ***

Comment 9 errata-xmlrpc 2023-10-19 13:13:02 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.13 for RHEL 8

Via RHSA-2023:5931 https://access.redhat.com/errata/RHSA-2023:5931

Comment 10 errata-xmlrpc 2023-10-20 18:43:13 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.12 for RHEL 8

Via RHSA-2023:5979 https://access.redhat.com/errata/RHSA-2023:5979

Comment 11 errata-xmlrpc 2023-11-08 14:16:54 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.14 for RHEL 8

Via RHSA-2023:6818 https://access.redhat.com/errata/RHSA-2023:6818
