CVE-2018-1096: SQL injection in dashboard controller
The widget id is not properly escaped in the dashboard's save_positions action, making SQL injection possible.
This only allows injecting extra conditions into the SELECT's conditions; because the query is prepared, it does not allow executing additional statements.
It is only available to authenticated users.
This issue was reported by Martin Povolný from Red Hat.
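An added, constructed illustration of the defect class described above, not Foreman's own code: a condition string that splices the client-supplied widget id directly into SQL, beside a hardened form that casts the id to an integer and passes it as a bind parameter. The `save_positions`, `unsafe_condition` and `safe_condition` names and the `POSITIONS` payload are assumptions for the example.

```ruby
# Constructed sample of the positions hash a dashboard client might post.
# Keys are widget ids as received from the client: untrusted strings.
POSITIONS = {
  "7"        => { "col" => 1, "row" => 2 },
  "7 OR 1=1" => { "col" => 2, "row" => 1 }, # crafted key, not a real id
}.freeze

# Vulnerable pattern: the id is interpolated into the condition string, so a
# crafted value becomes part of the WHERE clause. Even with the outer query
# prepared, this only widens the conditions; it cannot add statements.
def unsafe_condition(widget_id, user_id)
  "user_id = #{user_id.to_i} AND id = #{widget_id}"
end

# Hardened pattern: reject anything that is not a plain integer, then hand
# the value over as a bind parameter ("?") instead of splicing it into SQL.
# Returns [sql, binds], or nil when the id fails validation.
def safe_condition(widget_id, user_id)
  id = Integer(widget_id.to_s, 10) # ArgumentError on "7 OR 1=1", "7;", ""
  ["user_id = ? AND id = ?", [user_id.to_i, id]]
rescue ArgumentError
  nil
end

# Hypothetical save_positions handler: builds one parameterized update per
# widget and reports which ids were rejected so the request can be logged.
def save_positions(positions, user_id)
  accepted = []
  rejected = []
  positions.each do |widget_id, pos|
    cond = safe_condition(widget_id, user_id)
    if cond
      accepted << { condition: cond, col: pos["col"], row: pos["row"] }
    else
      rejected << widget_id
    end
  end
  [accepted, rejected]
end

if __FILE__ == $PROGRAM_NAME
  puts unsafe_condition("7 OR 1=1", 3)        # condition widened to every row
  p safe_condition("7 OR 1=1", 3)              # nil: input rejected
  p save_positions(POSITIONS, 3)
end
```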
- Description updated (diff)
- Related to Refactor #8106: Save dashboard widgets in DB to increase flexibility added
- Private changed from Yes to No
- Subject changed from SQL injection in dashboard controller to CVE-2018-1096: SQL injection in dashboard controller
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/5363 added
- Legacy Backlogs Release (now unused) set to 332
- Pull request https://github.com/theforeman/foreman/pull/5364 added
- Pull request https://github.com/theforeman/foreman/pull/5365 added
- % Done changed from 0 to 100
- Status changed from Ready For Testing to Closed