REDHAT-BUG-2304090: Command Injection
First published: Mon Aug 12 2024(Updated: )
A command injection vulnerability was identified in Foreman, affecting the "Host Init Config" template. The issue arises when commands are injected through the "Install Packages" field on the "Register Host" page. An attacker with elevated privileges on the Foreman server could craft malicious commands, which would be executed when the host is registered. This could lead to unauthorized actions.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| The Foreman |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2304090?
The severity of REDHAT-BUG-2304090 is categorized as high due to the command injection vulnerability.
How do I fix REDHAT-BUG-2304090?
To fix REDHAT-BUG-2304090, apply the latest security patches provided by Red Hat for Foreman.
What software is affected by REDHAT-BUG-2304090?
The affected software for REDHAT-BUG-2304090 is the Foreman application.
Who can exploit REDHAT-BUG-2304090?
An attacker with elevated privileges on the Foreman server can exploit REDHAT-BUG-2304090.
What specific feature in Foreman is impacted by REDHAT-BUG-2304090?
The 'Install Packages' field on the 'Register Host' page in Foreman is impacted by REDHAT-BUG-2304090.
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-7700
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/foreman
- canonical/the foreman