CVE-2022-3874 HIGH

CVE-2022-3874: OS command injection via ct_command and fcct_command

Vendor N/A
Product foreman
Weakness CWE-78
Published September 22, 2023
Last update September 24, 2024

CVSS base score

8.0/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.

Key dates

02 Disclosure timeline

September 22, 2023 CVE published
September 24, 2024 Record updated