Remote code execution in Foreman via bookmark controller name
There is a code injection vulnerability in the create method of the Bookmarks controller. The create method uses the controller attribute of the newly created bookmark in an eval statement without sanitizing it.
This security issue has been assigned the identifier CVE-2013-2121. It affects all Foreman versions prior to 1.2.0-RC2.
Thank you to Ramon de C Valle for identifying and notifying us of this vulnerability.
Updated by Dominic Cleal over 10 years ago
Patches have been committed to develop and 1.2-stable branches. Foreman 1.2.0-RC2 will contain a fix.
Foreman 1.1 stable users may apply the following patch: https://github.com/theforeman/foreman/commit/8920e796.patch