Bug #38885 (Closed)
CVE-2025-10622: OS command injection via ct_location and fcct_location parameters
Difficulty:
Triaged: No
Description
A command injection vulnerability was found in Foreman 3.12.0. The whitelist for CoreOS Transpiler Command (ct_location) and Fedora CoreOS Transpiler Command (fcct_location) is only enforced client-side, not server-side. This allows authenticated users with edit_settings permissions to bypass safe mode rendering and execute arbitrary commands on the underlying OS.
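The description above names the defect class: an allowlist that lives only in the browser is not a control, because the settings API can be called with any HTTP client. The Ruby below is an added illustration for this page, not Foreman's code and not the change from the linked pull requests. The two setting names are taken from the report; the allowlisted paths, the function names, the argv form used for exec and the sample values are assumptions made for the example. It shows the check enforced at the point where the value is stored and again at the point where it is executed, and why the exec form matters even after validation.

```ruby
require 'open3'

# Allowlist of transpiler binaries, keyed by the setting name.
# Constructed for this example; it is NOT Foreman's own list.
ALLOWED_TRANSPILERS = {
  'ct_location'   => ['/usr/bin/ct', '/usr/local/bin/ct'].freeze,
  'fcct_location' => ['/usr/bin/fcct', '/usr/local/bin/fcct'].freeze
}.freeze

class DisallowedSettingValue < StandardError; end

# Server-side check: the value must be byte-for-byte one of the allowlisted
# paths. No normalisation and no substring matching, so "/usr/bin/ct; id",
# "$(id)" or an existing-but-unlisted binary such as "/bin/sh" are all
# rejected before anything is executed. A JavaScript check in the settings
# page does nothing against a direct API call made with the same session.
def validate_transpiler_location!(setting, value)
  allowed = ALLOWED_TRANSPILERS.fetch(setting) do
    raise ArgumentError, "unknown setting #{setting.inspect}"
  end
  unless value.is_a?(String) && allowed.include?(value)
    raise DisallowedSettingValue,
          "#{setting}=#{value.inspect} is not an allowlisted transpiler"
  end
  value
end

# Boolean form, e.g. for a model validation hook on the setting.
def transpiler_location_allowed?(setting, value)
  validate_transpiler_location!(setting, value)
  true
rescue DisallowedSettingValue
  false
end

# The contrast case: building a single command string for the shell.
# Open3.capture2 / Kernel#spawn hand a lone string that contains shell
# metacharacters to /bin/sh, so everything after ';' in the setting value
# becomes a second command. This function only returns the string; it is
# here to show what the shell would see, never to be executed.
def unsafe_shell_command(value, config_path)
  "#{value} < #{config_path}"
end

# Hardened exec form: re-validate at the call site (the value may have been
# written to the database by another path) and pass [cmd, argv0] so that no
# shell is ever involved, regardless of what the string contains.
def transpiler_argv(setting, value)
  binary = validate_transpiler_location!(setting, value)
  [binary, binary]
end

# Feed the (Fedora) CoreOS config on stdin and return the transpiler's stdout.
def run_transpiler(setting, value, config_text)
  out, status = Open3.capture2(transpiler_argv(setting, value),
                               stdin_data: config_text)
  raise "transpiler exited with status #{status.exitstatus}" unless status.success?
  out
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values: one legitimate path, three bypass attempts.
  ['/usr/bin/ct', '/usr/bin/ct; id', '$(id)', '/bin/sh'].each do |v|
    verdict = transpiler_location_allowed?('ct_location', v) ? 'allowed' : 'rejected'
    puts "#{v.inspect}: #{verdict}"
  end
  begin
    run_transpiler('ct_location', '/usr/bin/ct', "variant: fcos\nversion: 1.4.0\n")
  rescue Errno::ENOENT
    puts 'ct is not installed on this host; validation still ran before exec'
  end
end
```

The second validation inside transpiler_argv is deliberate: the setting write path and the render path are usually separate code, and the injection in this report works precisely because only one side (the browser) checked the value.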
Updated by Ondřej Gajdušek 3 months ago
- Category set to Security
- Assignee set to Ondřej Gajdušek
- Priority changed from Normal to Immediate
- Target version set to 3.17.0
- Red Hat JIRA set to SAT-38820
- Fixed in Releases 3.17.0 added
Updated by The Foreman Bot 3 months ago
- Status changed from New to Ready For Testing
Updated by The Foreman Bot 3 months ago
- Pull request https://github.com/theforeman/foreman/pull/10751 added
Updated by The Foreman Bot 3 months ago
- Pull request https://github.com/theforeman/foreman/pull/10752 added
Updated by Evgeni Golov 3 months ago
- Status changed from Ready For Testing to Closed
Applied in changeset foreman|49dd22221ed4ba4d7687e3e7406d8ae975a2ffa9.
Updated by The Foreman Bot 2 months ago
- Pull request https://github.com/theforeman/foreman/pull/10762 added