{
  "threat_severity" : "Important",
  "public_date" : "2023-03-12T00:00:00Z",
  "bugzilla" : {
    "description" : "Foreman: Arbitrary code execution through templates",
    "id" : "2159291",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2159291"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-78",
  "details" : [ "An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.", "An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system." ],
  "acknowledgement" : "Red Hat would like to thank Andrew Danau (Onsec.io) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Satellite 6.11 for RHEL 7",
    "release_date" : "2023-10-20T00:00:00Z",
    "advisory" : "RHSA-2023:5980",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.11::el7",
    "package" : "foreman-0:3.1.1.27-1.el7sat"
  }, {
    "product_name" : "Red Hat Satellite 6.11 for RHEL 8",
    "release_date" : "2023-10-20T00:00:00Z",
    "advisory" : "RHSA-2023:5980",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.11::el8",
    "package" : "foreman-0:3.1.1.27-1.el8sat"
  }, {
    "product_name" : "Red Hat Satellite 6.12 for RHEL 8",
    "release_date" : "2023-10-20T00:00:00Z",
    "advisory" : "RHSA-2023:5979",
    "cpe" : "cpe:/a:redhat:satellite:6.12::el8",
    "package" : "rubygem-safemode-0:1.3.8-1.el8sat"
  }, {
    "product_name" : "Red Hat Satellite 6.13 for RHEL 8",
    "release_date" : "2023-08-03T00:00:00Z",
    "advisory" : "RHSA-2023:4466",
    "cpe" : "cpe:/a:redhat:satellite:6.13::el8",
    "package" : "rubygem-safemode-0:1.3.8-1.el8sat"
  }, {
    "product_name" : "Red Hat Satellite 6.14 for RHEL 8",
    "release_date" : "2023-11-08T00:00:00Z",
    "advisory" : "RHSA-2023:6818",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.14::el8",
    "package" : "foreman-0:3.7.0.9-1.el8sat"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-0118\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0118" ],
  "name" : "CVE-2023-0118",
  "csaw" : false
}