Bug #14140

closed

Arbitrary Ruby code execution via Discovery setting

Added by Lukas Zapletal over 8 years ago. Updated over 8 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Image
Target version:
Difficulty: trivial
Triaged:
Fixed in Releases:
Found in Releases:

Description

We have a couple of evals during review of the new Discovery Show page:

https://github.com/lzap/foreman_discovery/blob/fact-clear-14100/app/controllers/discovered_hosts_controller.rb#L188-L193

You can run arbitrary Ruby code by entering it on About - Settings - Discovery and then visiting a discovered host detail page, where it gets rendered.
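
As an added illustration (not part of the original report and not foreman_discovery code), this Ruby sketch contrasts a setting value passed to `eval` at render time with the same setting parsed strictly as data. The setting format (a regular expression selecting fact names), the sample facts and both helper names are assumptions.

```ruby
# Hypothetical sketch: the setting format, sample facts and helper names are
# assumptions for illustration, not code from foreman_discovery.

# Constructed sample facts for a discovered host.
FACTS = {
  "macaddress_eth0" => "52:54:00:aa:bb:cc",
  "ipaddress_eth0"  => "192.0.2.10",
  "memorysize"      => "4.00 GB"
}.freeze

# Vulnerable pattern: the editable setting string is handed to eval, so
# whatever Ruby it contains runs inside the application process on render.
def facts_matching_unsafe(setting_value, facts)
  pattern = eval(setting_value) # the setting is treated as code
  facts.select { |name, _| name =~ pattern }
end

MAX_PATTERN_LENGTH = 200

# Hardened pattern: the setting is treated as data. It is length-limited and
# compiled with Regexp.new, which can only return a Regexp or raise.
def facts_matching_safe(setting_value, facts)
  source = setting_value.to_s
  raise ArgumentError, "pattern too long" if source.length > MAX_PATTERN_LENGTH
  pattern = Regexp.new(source)
  facts.select { |name, _| pattern.match?(name) }
rescue RegexpError => e
  raise ArgumentError, "invalid pattern in setting: #{e.message}"
end

# Constructed setting value that is Ruby code rather than a plain pattern.
# It only sets a flag, which makes the execution observable.
AS_CODE = "$code_ran = true; /eth0$/"

if __FILE__ == $PROGRAM_NAME
  $code_ran = nil
  facts_matching_safe(AS_CODE, FACTS)
  puts "safe path ran setting as code:   #{!$code_ran.nil?}"
  facts_matching_unsafe(AS_CODE, FACTS)
  puts "unsafe path ran setting as code: #{!$code_ran.nil?}"
end
```

With the hardened helper the setting holds the bare pattern source (`eth0$`), so existing values written as Ruby literals would need migrating, and save-time validation of the setting should apply the same checks.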
