Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:5979
HistoryOct 20, 2023 - 6:38 p.m.

(RHSA-2023:5979) Important: Satellite 6.12.5.2 Async Security Update

2023-10-2018:38:33
access.redhat.com
17

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.739 High

EPSS

Percentile

98.1%

JSON

Red Hat Satellite is a system management solution that allows organizations to
configure and maintain their systems without the necessity to provide public
Internet access to their servers or other client systems. It performs
provisioning and configuration management of predefined standard operating
environments.

Security fix(es):

foreman: Arbitrary code execution through templates

foreman: Satellite/Foreman: Arbitrary code execution through yaml global parameters

foreman: OS command injection via ct_command and fcct_command

puppet-agent for Satellite and Capsule: various flaws

tfm-rubygem-git: ruby-git: code injection vulnerability

rubygem-git: ruby-git: code injection vulnerability

yggdrasil-worker-forwarder: various flaws

This update fixes the following bugs:

2159656 - CVE-2023-0118 foreman: Arbitrary code execution through templates [rhn_satellite_6.12]
2163524 - CVE-2023-0462 foreman: Satellite/Foreman: Arbitrary code execution through yaml global parameters [rhn_satellite_6.12]
2163694 - CVE-2022-3874 foreman: OS command injection via ct_command and fcct_command [rhn_satellite_6.12]
2242354 - CVE-2022-1292 CVE-2022-2068 puppet-agent for Satellite and Capsule: various flaws [rhn_satellite_6.12]
2242359 - CVE-2022-47318 tfm-rubygem-git: ruby-git: code injection vulnerability [rhn_satellite_6.12]
2242362 - CVE-2022-46648 rubygem-git: ruby-git: code injection vulnerability [rhn_satellite_6.12]
2243833 - [Major Incident] CVE-2023-39325 CVE-2023-44487 yggdrasil-worker-forwarder: various flaws [rhn_satellite_6.12]

Users of Red Hat Satellite are advised to upgrade to these updated packages,
which fix these bugs.

OSVersionArchitecturePackageVersionFilename
RedHat8noarchforeman< 3.3.0.23-1.el8satforeman-3.3.0.23-1.el8sat.noarch.rpm
RedHat8noarchsatellite< 6.12.5.2-1.el8satsatellite-6.12.5.2-1.el8sat.noarch.rpm
RedHat8noarchforeman-debug< 3.3.0.23-1.el8satforeman-debug-3.3.0.23-1.el8sat.noarch.rpm
RedHat8noarchforeman-ovirt< 3.3.0.23-1.el8satforeman-ovirt-3.3.0.23-1.el8sat.noarch.rpm
RedHat8noarchforeman-vmware< 3.3.0.23-1.el8satforeman-vmware-3.3.0.23-1.el8sat.noarch.rpm
RedHat8noarchforeman-service< 3.3.0.23-1.el8satforeman-service-3.3.0.23-1.el8sat.noarch.rpm
RedHat8x86_64yggdrasil-worker-forwarder< 0.0.3-1.el8satyggdrasil-worker-forwarder-0.0.3-1.el8sat.x86_64.rpm
RedHat8noarchforeman-cli< 3.3.0.23-1.el8satforeman-cli-3.3.0.23-1.el8sat.noarch.rpm
RedHat8noarchforeman-postgresql< 3.3.0.23-1.el8satforeman-postgresql-3.3.0.23-1.el8sat.noarch.rpm
RedHat8noarchforeman-openstack< 3.3.0.23-1.el8satforeman-openstack-3.3.0.23-1.el8sat.noarch.rpm
Rows per page:
1-10 of 221

Related

redhat 44
jvn 1
debiancve 3
osv 15
ubuntucve 4
nessus 61
cve 3
mageia 1
prion 3
github 2
openvas 22
debian 1
f5 1
suse 4
cloudlinux 1
altlinux 2
amazon 3
alpinelinux 1
slackware 2
broadcom 1
openssl 1
redhatcve 3
freebsd 1
oraclelinux 8
almalinux 4
rocky 4
ibm 3
redhat
redhat
(RHSA-2023:5980) Important: Satellite 6.11.5.6 async security update
2023-10-20 18:38:54
(RHSA-2023:5931) Important: Satellite 6.13.5 Async Security Update
2023-10-19 12:48:52
(RHSA-2023:5982) Important: Red Hat Satellite Client security and bug fix update
2023-10-20 22:17:33
jvn
jvn
JVN#16765254: Multiple code injection vulnerabilities in ruby-git
2023-01-05 00:00:00
debiancve
debiancve
CVE-2022-47318
2023-01-17 10:15:11
CVE-2022-46648
2023-01-17 10:15:11
CVE-2022-2068
2022-06-21 15:15:00
osv
osv
Code injection in ruby git
2023-01-17 12:30:33
CVE-2022-47318
2023-01-17 10:15:11
CVE-2022-46648
2023-01-17 10:15:11
ubuntucve
ubuntucve
CVE-2022-46648
2023-01-17 00:00:00
CVE-2022-47318
2023-01-17 00:00:00
CVE-2022-2068
2022-06-21 00:00:00
nessus
nessus
Fedora 37 : rubygem-git (2023-e3985c2b3b)
2023-01-29 00:00:00
Debian DLA-3303-1 : ruby-git - LTS security update
2023-01-31 00:00:00
Amazon Linux AMI : openssl (ALAS-2022-1626)
2022-08-05 00:00:00
cve
cve
CVE-2022-46648
2023-01-17 10:15:11
CVE-2022-47318
2023-01-17 10:15:11
CVE-2022-2068
2022-06-21 15:15:00
mageia
mageia
Updated ruby-git packages fix security vulnerability
2023-03-19 01:16:28
prion
prion
Code injection
2023-01-17 10:15:00
Code injection
2023-01-17 10:15:00
Command injection
2022-06-21 15:15:00
github
github
Code injection in ruby git
2023-01-17 12:30:33
Traefik vulnerable to HTTP/2 request causing denial of service
2023-10-17 02:37:42
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0097)
2023-03-28 00:00:00
Debian: Security Advisory (DLA-3303-1)
2023-01-31 00:00:00
Huawei EulerOS: Security Advisory for compat-openssl (EulerOS-SA-2022-2548)
2022-10-12 00:00:00
debian
debian
[SECURITY] [DLA 3303-1] ruby-git security update
2023-01-30 22:33:35
f5
f5
K21600298 : OpenSSL vulnerabilities CVE-2022-1292 and CVE-2022-2068
2022-08-05 00:00:00
suse
suse
Security update for openssl-1_1 (moderate)
2022-09-01 00:00:00
Security update for openssl-1_0_0 (moderate)
2022-07-07 00:00:00
Security update for openssl-1_1 (moderate)
2022-07-04 00:00:00
cloudlinux
cloudlinux
Fixed CVEs in openssl: CVE-2022-1292, CVE-2022-2068
2022-07-14 16:53:26
altlinux
altlinux
Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1p-alt1
2022-06-24 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1p-alt1
2022-06-22 00:00:00
amazon
amazon
Medium: openssl
2022-07-28 20:38:00
Medium: openssl
2022-07-28 21:55:00
Medium: openssl11
2022-07-28 21:55:00
alpinelinux
alpinelinux
CVE-2022-2068
2022-06-21 15:15:00
slackware
slackware
[slackware-security] Slackware 14.2 openssl
2022-06-28 19:28:45
[slackware-security] openssl
2022-06-23 05:32:23
broadcom
broadcom
openssl file names of certificates being hashed were possibly passed to a command executed through the shell
2023-08-01 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2022-2068
2022-06-21 00:00:00
redhatcve
redhatcve
CVE-2022-2068
2022-06-22 06:36:12
CVE-2023-39325
2023-10-11 17:12:30
CVE-2023-44487
2023-10-10 21:13:33
freebsd
freebsd
traefik -- Resource exhaustion by malicious HTTP/2 client
2023-10-10 00:00:00
oraclelinux
oraclelinux
go-toolset:ol8 security update
2023-10-18 00:00:00
grafana security update
2023-10-20 00:00:00
grafana security update
2023-10-20 00:00:00
almalinux
almalinux
Important: go-toolset:rhel8 security update
2023-10-16 00:00:00
Moderate: grafana security update
2023-10-18 00:00:00
Moderate: grafana security update
2023-10-18 00:00:00
rocky
rocky
toolbox security update
2023-11-11 23:00:15
go-toolset:rhel8 security update
2023-10-24 18:35:47
grafana security update
2023-10-24 18:35:47
ibm
ibm
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes API server security vulnerabilities (CVE-2023-39325 and CVE-2023-44487)
2023-12-08 09:00:02
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by Kubernetes API server security vulnerabilities (CVE-2023-39325 and CVE-2023-44487)
2023-11-28 09:53:55
Security Bulletin: IBM DataPower Gateway vulnerable to HTTP/2 "Rapid Reset" Denial of Service (CVE-2023-44487, CVE-2023-39325)
2023-10-26 17:35:42

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.739 High

EPSS

Percentile

98.1%

JSON
Related for RHSA-2023:5979
redhat44jvn1debiancve3osv15ubuntucve4nessus61cve3mageia1prion3github2openvas22debian1f51suse4cloudlinux1altlinux2amazon3alpinelinux1slackware2broadcom1openssl1redhatcve3freebsd1oraclelinux8almalinux4rocky4ibm3