CVE-2023-0462 HIGH

CVE-2023-0462: Arbitrary code execution through yaml global parameters

Vendor N/A
Product foreman
Weakness CWE-94 · Code injection
Published September 20, 2023
Last update September 24, 2024

CVSS base score

8.0/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.

Key dates

02 Disclosure timeline

September 20, 2023 CVE published
September 24, 2024 Record updated