Bug #36759: CVE-2022-3874: OS command injection via ct_command and fcct_command - Foreman

Actions

Copy link

Bug #36759

closed

CVE-2022-3874: OS command injection via ct_command and fcct_command

Added by Evgeni Golov 10 months ago. Updated 9 months ago.

Status:

Closed

Priority:

High

Assignee:

Evgeni Golov

Category:

Settings

Target version:

3.8.0

Difficulty:

Triaged:

Bugzilla link:

2163695

Pull request:

https://github.com/theforeman/foreman/pull/9836, https://github.com/theforeman/foreman/pull/9845

Fixed in Releases:

3.8.0

Found in Releases:

Red Hat JIRA:

Description

the ct_command and fcct_command settings allow authenticated users to execute arbitrary commands on the server. These commands are used to transpile CoreOS and Fedora CoreOS configurations in templates. Changing the command requires admin privileges on the Foreman instance.

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Custom queries

Bug #36759

CVE-2022-3874: OS command injection via ct_command and fcct_command

Updated by The Foreman Bot 10 months ago

Updated by Evgeni Golov 9 months ago

Updated by The Foreman Bot 9 months ago

Updated by Evgeni Golov 9 months ago

Updated by The Foreman Bot 9 months ago

Updated by Evgeni Golov 9 months ago