An admin user on Foreman can bypass safe mode in templates and execute arbitrary code via the Report Templates function. By changing the "template" JSON value in the POST request, an attacker can exploit the bind() call in safemode to inject an OS command and have it executed on the underlying operating system. Note that the flaw requires an already-authenticated administrator; it is a sandbox escape from the template safe mode, not an unauthenticated entry point.
This issue has been addressed in the following products:
  Red Hat Satellite 6.13 for RHEL 8
Via RHSA-2023:4466 https://access.redhat.com/errata/RHSA-2023:4466
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-0118
This issue has been addressed in the following products:
  Red Hat Satellite 6.12 for RHEL 8
Via RHSA-2023:5979 https://access.redhat.com/errata/RHSA-2023:5979
This issue has been addressed in the following products:
  Red Hat Satellite 6.11 for RHEL 7
  Red Hat Satellite 6.11 for RHEL 8
Via RHSA-2023:5980 https://access.redhat.com/errata/RHSA-2023:5980
This issue has been addressed in the following products:
  Red Hat Satellite 6.14 for RHEL 8
Via RHSA-2023:6818 https://access.redhat.com/errata/RHSA-2023:6818