Multiple vulnerabilities in Red Hat Satellite 6.12



Published: 2023-10-23 | Updated: 2024-03-22
Risk High
Patch available YES
Number of vulnerabilities 9
CVE-ID CVE-2022-1292
CVE-2022-2068
CVE-2022-3874
CVE-2022-46648
CVE-2022-47318
CVE-2023-0118
CVE-2023-0462
CVE-2023-39325
CVE-2023-44487
CWE-ID CWE-78
CWE-94
CWE-400
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerability #9 is being exploited in the wild.
Vulnerable software
Red Hat Satellite
Server applications / Other server solutions

satellite (Red Hat package)
Operating systems & Components / Operating system package or component

foreman (Red Hat package)
Operating systems & Components / Operating system package or component

yggdrasil-worker-forwarder (Red Hat package)
Operating systems & Components / Operating system package or component

rubygem-git (Red Hat package)
Operating systems & Components / Operating system package or component

puppet-agent (Red Hat package)
Operating systems & Components / Operating system package or component

rubygem-safemode (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) OS Command Injection

EUVDB-ID: #VU62765

Risk: Medium

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-1292

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with the ability to pass data to the c_rehash script can execute arbitrary OS commands with the privileges of the script.


Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Red Hat Satellite: before 6.12.5.2

satellite (Red Hat package): before 6.12.5.2-1.el8sat

foreman (Red Hat package): before 3.3.0.23-1.el8sat

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

rubygem-safemode (Red Hat package): before 1.3.8-1.el8sat

External links

http://access.redhat.com/errata/RHSA-2023:5979


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) OS Command Injection

EUVDB-ID: #VU64559

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2068

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with the ability to pass data to the c_rehash script can execute arbitrary OS commands with the privileges of the script.

The vulnerability exists due to incomplete fix for #VU62765 (CVE-2022-1292).

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Red Hat Satellite: before 6.12.5.2

satellite (Red Hat package): before 6.12.5.2-1.el8sat

foreman (Red Hat package): before 3.3.0.23-1.el8sat

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

rubygem-safemode (Red Hat package): before 1.3.8-1.el8sat

External links

http://access.redhat.com/errata/RHSA-2023:5979


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) OS Command Injection

EUVDB-ID: #VU82279

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3874

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when processing CoreOS and Fedora CoreOS configurations in templates in foreman. A remote user with administrative privileges can inject arbitrary OS commands into configuration templates and execute them on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Red Hat Satellite: before 6.12.5.2

satellite (Red Hat package): before 6.12.5.2-1.el8sat

foreman (Red Hat package): before 3.3.0.23-1.el8sat

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

rubygem-safemode (Red Hat package): before 1.3.8-1.el8sat

External links

http://access.redhat.com/errata/RHSA-2023:5979


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Code Injection

EUVDB-ID: #VU70699

Risk: Medium

CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-46648

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote user can use a specially crafted filename and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Red Hat Satellite: before 6.12.5.2

satellite (Red Hat package): before 6.12.5.2-1.el8sat

foreman (Red Hat package): before 3.3.0.23-1.el8sat

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

rubygem-safemode (Red Hat package): before 1.3.8-1.el8sat

External links

http://access.redhat.com/errata/RHSA-2023:5979


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Code Injection

EUVDB-ID: #VU70700

Risk: Medium

CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47318

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote user can use a specially crafted filename and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Red Hat Satellite: before 6.12.5.2

satellite (Red Hat package): before 6.12.5.2-1.el8sat

foreman (Red Hat package): before 3.3.0.23-1.el8sat

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

rubygem-safemode (Red Hat package): before 1.3.8-1.el8sat

External links

http://access.redhat.com/errata/RHSA-2023:5979


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) OS Command Injection

EUVDB-ID: #VU78931

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0118

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when processing templates. A remote privileged user can bypass safe mode and inject and execute arbitrary OS commands via the Report Templates function by modifying the "template" JSON value in the POST request.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Red Hat Satellite: before 6.12.5.2

satellite (Red Hat package): before 6.12.5.2-1.el8sat

foreman (Red Hat package): before 3.3.0.23-1.el8sat

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

rubygem-safemode (Red Hat package): before 1.3.8-1.el8sat

External links

http://access.redhat.com/errata/RHSA-2023:5979


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Code Injection

EUVDB-ID: #VU82280

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0462

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the Foreman component. A remote administrator can set global parameters with a YAML payload and execute arbitrary code on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Red Hat Satellite: before 6.12.5.2

satellite (Red Hat package): before 6.12.5.2-1.el8sat

foreman (Red Hat package): before 3.3.0.23-1.el8sat

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

rubygem-safemode (Red Hat package): before 1.3.8-1.el8sat

External links

http://access.redhat.com/errata/RHSA-2023:5979


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource exhaustion

EUVDB-ID: #VU82064

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39325

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive consumption of internal resources when handling HTTP/2 requests. A remote attacker can bypass the http2.Server.MaxConcurrentStreams setting by creating new connections while the current connections are still being processed, trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Red Hat Satellite: before 6.12.5.2

satellite (Red Hat package): before 6.12.5.2-1.el8sat

foreman (Red Hat package): before 3.3.0.23-1.el8sat

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

rubygem-safemode (Red Hat package): before 1.3.8-1.el8sat

External links

http://access.redhat.com/errata/RHSA-2023:5979


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Resource exhaustion

EUVDB-ID: #VU81728

Risk: High

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-44487

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper control of consumption of internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Red Hat Satellite: before 6.12.5.2

satellite (Red Hat package): before 6.12.5.2-1.el8sat

foreman (Red Hat package): before 3.3.0.23-1.el8sat

yggdrasil-worker-forwarder (Red Hat package): before 0.0.3-1.el8sat

rubygem-git (Red Hat package): before 1.18.0-1.el8sat

puppet-agent (Red Hat package): before 7.26.0-3.el8sat

rubygem-safemode (Red Hat package): before 1.3.8-1.el8sat

External links

http://access.redhat.com/errata/RHSA-2023:5979


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.


