Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2024-7700

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 year, 3 months ago

Foreman: command injection in "host init config" template via "install packages" field on foreman

A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unauthorized command execution during host registration. Although this issue requires user interaction to execute injected commands, it poses a significant risk if an unsuspecting user runs the generated registration script.

References

https://access.redhat.com/security/cve/CVE-2024-7700 vdb-entryx_refsource_REDHAT
RHBZ#2304090 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2024-7700 vdb-entryx_refsource_REDHAT
RHBZ#2304090 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2024-7700 vdb-entryx_refsource_REDHAT
RHBZ#2304090 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2024-7700 vdb-entryx_refsource_REDHAT
RHBZ#2304090 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2024-7700 vdb-entryx_refsource_REDHAT
RHBZ#2304090 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2024-7700 vdb-entryx_refsource_REDHAT
RHBZ#2304090 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2024-7700 vdb-entryx_refsource_REDHAT
RHBZ#2304090 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2024-7700 vdb-entryx_refsource_REDHAT
RHBZ#2304090 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2024-7700 vdb-entryx_refsource_REDHAT
RHBZ#2304090 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2024-7700 vdb-entryx_refsource_REDHAT
RHBZ#2304090 x_refsource_REDHATissue-tracking

Affected products

foreman

Matching in nixpkgs

pkgs.foreman

Process manager for applications with multiple components

nixos-unstable 0.87.2
- nixpkgs-unstable 0.87.2
- nixos-unstable-small 0.87.2

pkgs.emacsPackages.foreman-mode

None

nixos-unstable 20170725.1422
- nixpkgs-unstable 20170725.1422
- nixos-unstable-small 20170725.1422

Package maintainers

@zimbatm zimbatm <zimbatm@zimbatm.com>