CVE-2023-1832 – Improper authorization check in the server component
https://notcve.org/view.php?id=CVE-2023-1832
An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant. Se encontró una falla de control de acceso inadecuado en Candlepin. Un atacante puede crear datos pertenecientes a otro customer/tenant, lo que puede provocar una pérdida de confidencialidad y disponibilidad para el customer/tenant afectado. • https://access.redhat.com/security/cve/CVE-2023-1832 https://bugzilla.redhat.com/show_bug.cgi?id=2184364 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVE-2023-4886 – Foreman: world readable file containing secrets
https://notcve.org/view.php?id=CVE-2023-4886
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable. Se encontró una vulnerabilidad de exposición de información confidencial en Foreman. Se descubrió que el contenido del archivo server.xml de Tomcat, que contiene contraseñas para el almacén de claves y el almacén de confianza de Candlepin, es legible en todo el mundo. • https://access.redhat.com/errata/RHSA-2023:7851 https://access.redhat.com/errata/RHSA-2024:1061 https://access.redhat.com/security/cve/CVE-2023-4886 https://bugzilla.redhat.com/show_bug.cgi?id=2230135 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-3874 – Os command injection via ct_command and fcct_command
https://notcve.org/view.php?id=CVE-2022-3874
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system. Se encontró falla en inyección de comando en capataz. Esta falla permite a un usuario autenticado con privilegios de administrador en la instancia de foreman transpilar comandos a través de configuraciones de CoreOS y Fedora CoreOS en plantillas, lo que posiblemente resulte en la ejecución de comandos arbitrarios en el sistema operativo subyacente. • https://access.redhat.com/security/cve/CVE-2022-3874 https://bugzilla.redhat.com/show_bug.cgi?id=2140577 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-0118 – Foreman: arbitrary code execution through templates
https://notcve.org/view.php?id=CVE-2023-0118
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system. Se encontró una falla en la ejecución de código arbitrario en Foreman. Esta falla permite a un usuario administrador omitir el modo seguro en las plantillas y ejecutar código arbitrario en el sistema operativo subyacente. • https://access.redhat.com/errata/RHSA-2023:4466 https://access.redhat.com/errata/RHSA-2023:5979 https://access.redhat.com/errata/RHSA-2023:5980 https://access.redhat.com/errata/RHSA-2023:6818 https://access.redhat.com/security/cve/CVE-2023-0118 https://bugzilla.redhat.com/show_bug.cgi?id=2159291 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-0119 – Foreman: stored cross-site scripting in host tab
https://notcve.org/view.php?id=CVE-2023-0119
A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials. Se encontró una vulnerabilidad de Cross-Site Scripting almacenada en foreman. La sección Comment en la pestaña Hosts tiene un filtrado incorrecto de los datos de entrada del usuario. • https://access.redhat.com/errata/RHSA-2023:3387 https://access.redhat.com/errata/RHSA-2023:6818 https://access.redhat.com/security/cve/CVE-2023-0119 https://bugzilla.redhat.com/show_bug.cgi?id=2159104 https://projects.theforeman.org/issues/35977 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •