- Vulnerability/
- REDHAT-BUG-1629063
REDHAT-BUG-1629063
First published: Fri Sep 14 2018(Updated: )
A vulnerability was discovered in the Foreman Remote Execution feature, allowing an unauthorized remote attacker to perform arbitrary code execution on managed hosts. The issue affects the component smart_proxy_dynflow 0.1.8 and later (Foreman >= 1.15, Satellite >= 6.3) Introducing commit: <a href="https://github.com/theforeman/smart_proxy_dynflow/commit/cb7b0b5c9b602f737ab4c6e9fb47c158241cf49c#diff-6dee70f4339cfc3dd8cedfc2a34f14c2">https://github.com/theforeman/smart_proxy_dynflow/commit/cb7b0b5c9b602f737ab4c6e9fb47c158241cf49c#diff-6dee70f4339cfc3dd8cedfc2a34f14c2</a> References: <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - CVE-2018-14643 rubygem-smart_proxy_dynflow: Authentication bypass in Foreman remote execution feature [rhn_satellite_6.3]" href="show_bug.cgi?id=1629003">https://bugzilla.redhat.com/show_bug.cgi?id=1629003</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| The Foreman | >=0.1.8 | |
| The Foreman | >=1.15 | |
| Red Hat Satellite with Embedded Oracle | >=6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/theforeman/smart_proxy_dynflow/commit/cb7b0b5c9b602f737ab4c6e9fb47c158241cf49c#diff-6dee70f4339cfc3dd8cedfc2a34f14c2
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1629003
- https://access.redhat.com/errata/RHSA-2018:2733
- https://github.com/theforeman/smart_proxy_dynflow/pull/54
- https://bugzilla.redhat.com/show_bug.cgi?id=1629063
Frequently Asked Questions
What is the severity of REDHAT-BUG-1629063?
The severity of REDHAT-BUG-1629063 is classified as critical due to the possibility of arbitrary code execution by an unauthorized remote attacker.
How do I fix REDHAT-BUG-1629063?
To fix REDHAT-BUG-1629063, update the smart_proxy_dynflow component to a version later than 0.1.8 and ensure your Foreman or Satellite installation is also updated to the recommended versions.
Which versions are affected by REDHAT-BUG-1629063?
REDHAT-BUG-1629063 affects smart_proxy_dynflow version 0.1.8 and later, as well as Foreman version 1.15 and later, and Satellite version 6.3 and later.
What component is vulnerable in REDHAT-BUG-1629063?
The vulnerable component in REDHAT-BUG-1629063 is the smart_proxy_dynflow feature related to the Foreman Remote Execution.
What type of attack is demonstrated by REDHAT-BUG-1629063?
REDHAT-BUG-1629063 demonstrates an arbitrary code execution attack, allowing remote attackers to run malicious code on managed hosts.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-14643
- agent/source
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/the foreman
- canonical/the foreman
- vendor/red hat
- canonical/red hat satellite with embedded oracle