Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-7700

A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unauthorized command execution during host registration. Although this issue requires user interaction to execute injected commands, it poses a significant risk if an unsuspecting user runs the generated registration script.

Published

2024-08-12T17:15:18.607

Last Modified

2024-09-16T14:20:21.087

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	theforeman	foreman	-	Yes
Application	theforeman	foreman	-	Yes
Application	redhat	satellite	6.0	No

References

https://access.redhat.com/security/cve/CVE-2024-7700 Third Party Advisory, Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2304090 Issue Tracking, Third Party Advisory ([email protected])