Bug #36759: CVE-2022-3874: OS command injection via ct_command and fcct_command - Foreman

Actions

Copy link

Bug #36759

closed

CVE-2022-3874: OS command injection via ct_command and fcct_command

Added by Evgeni Golov over 1 year ago. Updated about 1 year ago.

Status:

Closed

Priority:

High

Assignee:

Evgeni Golov

Category:

Settings

Target version:

3.8.0

Difficulty:

Triaged:

Bugzilla link:

2163695

Pull request:

https://github.com/theforeman/foreman/pull/9836, https://github.com/theforeman/foreman/pull/9845

Fixed in Releases:

3.8.0

Found in Releases:

Red Hat JIRA:

Description

the ct_command and fcct_command settings allow authenticated users to execute arbitrary commands on the server. These commands are used to transpile CoreOS and Fedora CoreOS configurations in templates. Changing the command requires admin privileges on the Foreman instance.

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Custom queries

Bug #36759

CVE-2022-3874: OS command injection via ct_command and fcct_command

Updated by The Foreman Bot over 1 year ago

Updated by Evgeni Golov about 1 year ago

Updated by The Foreman Bot about 1 year ago

Updated by Evgeni Golov about 1 year ago

Updated by The Foreman Bot about 1 year ago

Updated by Evgeni Golov about 1 year ago