CVE-2018-1096: SQL injection in dashboard controller
Assigned To: Tomer Brisker
Found in release: 1.9.0
Pull requests: https://github.com/theforeman/foreman/pull/5365, https://github.com/theforeman/foreman/pull/5364, https://github.com/theforeman/foreman/pull/5363
The widget id is not properly escaped in the save_positions action on the dashboard, which makes SQL injection possible.
This only allows injecting conditions into the select's conditions; as it is a prepared query, it does not allow executing additional commands.
It is only reachable by authenticated users.
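As an added illustration (not Foreman's code; the query shape and the save_positions payload below are assumptions), the difference between interpolating a widget id into SQL text and binding it as a validated integer, in plain Ruby so it runs without Rails:

```ruby
# Hypothetical shape of the per-widget lookup condition; the real query is not on this page.
EXPECTED_CONDITION = /\Awidgets\.id = \d+\z/

# Unsafe pattern: the caller-supplied id is interpolated straight into the SQL text,
# so any text the caller sends becomes part of the WHERE clause.
def unsafe_widget_condition(widget_id)
  "widgets.id = #{widget_id}"
end

# Safe pattern: the id is validated as a base-10 integer and kept separate from the
# SQL text, mirroring ActiveRecord's where("widgets.id = ?", id) placeholder style.
# Integer() raises ArgumentError for anything that is not a plain integer literal.
def safe_widget_condition(widget_id)
  id = Integer(widget_id.to_s, 10)
  ["widgets.id = ?", [id]]
end

# Check used in tests/logging: true when a text-built condition no longer has the
# expected single-id shape, i.e. the input altered the query structure.
def condition_tampered?(sql)
  !EXPECTED_CONDITION.match?(sql)
end

# Process a constructed save_positions-style payload the way a hardened controller
# would: every entry is bound through the safe path, and bad ids are rejected
# rather than reaching the database.
def safe_positions(positions)
  positions.map do |entry|
    begin
      cond, binds = safe_widget_condition(entry['id'])
      { id: binds.first, condition: cond, binds: binds, ok: true }
    rescue ArgumentError, TypeError
      { id: entry['id'], ok: false }
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: one well-formed id and one that appends a condition.
  sample = [{ 'id' => '3', 'col' => 0 }, { 'id' => '3 OR 1=1', 'col' => 1 }]
  sample.each { |e| puts "#{e['id'].inspect}: tampered=#{condition_tampered?(unsafe_widget_condition(e['id']))}" }
  p safe_positions(sample)
end
```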
This issue was reported by Martin Povolný from Red Hat.