2351092 – (CVE-2025-2157) CVE-2025-2157 foreman: Disclosure of Executed Commands and Outputs in Foreman / Red Hat Satellite

Bug 2351092 (CVE-2025-2157) - CVE-2025-2157 foreman: Disclosure of Executed Commands and Outputs in Foreman / Red Hat Satellite

Summary: CVE-2025-2157 foreman: Disclosure of Executed Commands and Outputs in Foreman...

Keywords:
Status:	NEW
Alias:	CVE-2025-2157
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-03-10 12:24 UTC by OSIDB Bzimport
Modified:	2025-03-13 18:02 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-03-10 12:24:32 UTC

A flaw was found in Foreman / Red Hat Satellite, where temporary files created under /var/tmp during job execution have improper permissions. This allows low-privileged OS users to access and read command execution outputs, potentially exposing sensitive information such as system credentials or configuration details before the temporary files are deleted.This vulnerability does not grant direct privilege escalation but increases the risk of information disclosure, which could be leveraged in further attacks.

Note You need to log in before you can comment on or make changes to this bug.