Project

General

Profile

Actions
Copy link

Bug #2631

closed

Remote code execution in Foreman via bookmark controller name

Added by Dominic Cleal almost 11 years ago. Updated almost 11 years ago.

Status:
Closed
Priority:
Immediate
Assignee:
Joseph Magen
Category:
Security
Target version:
1.2.0
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

There is a code injection vulnerability in the create method of the Bookmarks controller. The create method uses the controller attribute of the newly created bookmark in an eval statement without sanitizing it.

This security issue has been assigned the identifier CVE-2013-2121. It affects all Foreman versions prior to 1.2.0-RC2.

Thank you to Ramon de C Valle for identifying and notifying us of this vulnerability.

Actions
Copy link
 #1

Updated by Dominic Cleal almost 11 years ago

Patches have been committed to develop and 1.2-stable branches. Foreman 1.2.0-RC2 will contain a fix.

Foreman 1.1 stable users may apply the following patch: https://github.com/theforeman/foreman/commit/8920e796.patch

Actions
Copy link
 #2

Updated by Joseph Magen almost 11 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions
Copy link

Also available in: Atom PDF