CVE-2018-1096: SQL injection in dashboard controller
The widget id is not properly escaped in the save_positions action of the dashboard controller, leading to a possible SQL injection.
This only allows injecting additional conditions into the select query; because it is a prepared query, it does not allow executing additional statements.
It is only reachable by authenticated users.
This issue was reported by Martin Povolný from Red Hat.
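The following is an added illustration, not code from Foreman or from the fix referenced below. It contrasts the two ways a Rails controller can hand request parameters to an ActiveRecord `where` call: spliced into the SQL text (the class of bug described above) versus passed as bind parameters with the ids validated first. The `widget_ids` argument, the table name and the `render_sql` helper are assumptions made for the example; it is plain Ruby and runs without Rails.

```ruby
# Added example, not Foreman's code. `widget_ids` stands in for the request
# parameters the dashboard action receives; `dashboard_widgets` is an assumed
# table name. `render_sql` imitates what a database adapter does with binds.

# Vulnerable pattern: the values are spliced into the SQL fragment. Whatever
# the client sent becomes part of the condition text, so extra conditions can
# be appended; the prepared statement only guards the rest of the query.
def vulnerable_where_fragment(widget_ids)
  "dashboard_widgets.id IN (#{widget_ids.join(',')})"
end

# Hardened pattern: fixed SQL text with a placeholder, values passed separately.
# Every id is coerced to an Integer first, so anything that is not a plain
# decimal number is rejected before a query is even built.
def safe_where_arguments(widget_ids)
  ids = widget_ids.map do |raw|
    begin
      Integer(raw.to_s, 10)
    rescue ArgumentError
      raise ArgumentError, "rejected widget id: #{raw.inspect}"
    end
  end
  ["dashboard_widgets.id IN (?)", ids]
end

# Stand-in for the adapter's bind substitution: each `?` is replaced by the
# quoted value(s), never by raw request text. Only integer binds are accepted
# here because that is all the hardened path produces.
def render_sql(sql, *binds)
  binds.each do |bind|
    values = Array(bind)
    raise TypeError, "only integer binds are rendered here" unless values.all?(Integer)
    sql = sql.sub("?", values.join(", "))
  end
  sql
end

if __FILE__ == $PROGRAM_NAME
  good = %w[4 7]            # constructed sample input: ordinary widget ids
  odd  = ["7 OR 1=1"]       # constructed sample input: not a numeric id
  puts vulnerable_where_fragment(good)
  puts vulnerable_where_fragment(odd)   # condition text altered by the client
  puts render_sql(*safe_where_arguments(good))
  begin
    safe_where_arguments(odd)
  rescue ArgumentError => e
    puts "hardened path: #{e.message}"
  end
end
```

The point of the hardened version is that the SQL text is a constant and the only thing derived from the request is a list of integers, so there is no string for a client to alter; rejecting non-numeric ids up front also gives a clean place to log the attempt.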
#1 Updated by Tomer Brisker almost 5 years ago
- Description updated (diff)
#2 Updated by Tomer Brisker almost 5 years ago
- Related to Refactor #8106: Save dashboard widgets in DB to increase flexibility added
#3 Updated by Tomer Brisker almost 5 years ago
- Private changed from Yes to No
- Subject changed from SQL injection in dashboard controller to CVE-2018-1096: SQL injection in dashboard controller
#4 Updated by The Foreman Bot almost 5 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/5363 added
#5 Updated by Tomer Brisker almost 5 years ago
- Legacy Backlogs Release (now unused) set to 332
#6 Updated by The Foreman Bot almost 5 years ago
- Pull request https://github.com/theforeman/foreman/pull/5364 added
#7 Updated by The Foreman Bot almost 5 years ago
- Pull request https://github.com/theforeman/foreman/pull/5365 added
#8 Updated by Martin Povolny almost 5 years ago
- % Done changed from 0 to 100
- Status changed from Ready For Testing to Closed
Applied in changeset 274665e24373de670a9107d4565c10ec41dd5f65.
Fixes #23028 - Properly escape params passed to where (CVE-2018-1096) (#5363)