Arbitrary Code Execution The advisory has been revoked - it doesn't affect any version of package foreman_maintain Open this link in a new tab
Threat Intelligence
EPSS
0.05% (20th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RUBY-FOREMANMAINTAIN-3368242
- published 22 Mar 2023
- disclosed 21 Mar 2023
- credit Unknown
Introduced: 21 Mar 2023
CVE-2023-0462 Open this link in a new tabHow to fix?
There is no fixed version for foreman_maintain
.
Amendment
This was deemed not a vulnerability.
Overview
foreman_maintain is a which provides various features that help keep the Foreman/Satellite up and running.
Affected versions of this package are vulnerable to Arbitrary Code Execution by creating a Yaml global parameter under Configure
->Global Parameters
, which contains a crafted payload. Exploiting this vulnerability is possible by an admin user.