Bug #38885: CVE-2025-10622: OS command injection via ct_location and fcct_location parameters - Foreman

Actions

Copy link

Bug #38885

closed

CVE-2025-10622: OS command injection via ct_location and fcct_location parameters

Added by Ondřej Gajdušek 3 months ago. Updated 2 months ago.

Status:

Closed

Priority:

Immediate

Assignee:

Ondřej Gajdušek

Category:

Security

Target version:

3.17.0

Difficulty:

Triaged:

Bugzilla link:

Pull request:

https://github.com/theforeman/foreman/pull/10750, https://github.com/theforeman/foreman/pull/10751, https://github.com/theforeman/foreman/pull/10752, https://github.com/theforeman/foreman/pull/10762

Fixed in Releases:

3.15.1, 3.16.1, 3.17.0

Found in Releases:

Red Hat JIRA:

SAT-38820

Description

A command injection vulnerability was found in Foreman 3.12.0. The whitelist for CoreOS Transpiler Command (ct_location) and Fedora CoreOS Transpiler Command (fcct_location) is only enforced
client-side, not server-side. This allows authenticated users with edit_settings permissions to bypass safe mode rendering and execute arbitrary commands on the underlying OS.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Custom queries

Bug #38885

CVE-2025-10622: OS command injection via ct_location and fcct_location parameters

Updated by Ondřej Gajdušek 3 months ago

Updated by The Foreman Bot 3 months ago

Updated by The Foreman Bot 3 months ago

Updated by The Foreman Bot 3 months ago

Updated by Evgeni Golov 3 months ago

Updated by The Foreman Bot 2 months ago

Updated by The Foreman Bot 2 months ago

Updated by The Foreman Bot 2 months ago