CVE-2014-3653 - Provisioning Templates Preview mode strips out text like <<FOO
|Triaged:||Fixed in Releases:|
|Bugzilla link:||Found in Releases:||1.6.0|
I have Foreman 1.5.1. I will try to test this against 1.5.2 and 1.6.0, but if someone else can test it first that would be grand.
Steps to reproduce:
In Provisioning Templates, click New Template.
Put this into the code box:
test <<FOO > bar
Now the contents are:
test < bar
That's a pretty big problem for templates that want to use shell redirection!
Fixes #7483 - Use hidden input value to hold raw template contents (CVE-2014-3653)
#2 Updated by Dominic Cleal almost 4 years ago
- Category set to Security
- Status changed from New to Assigned
- Assignee set to Aaron Stone
- Target version set to 1.7.3
- Legacy Backlogs Release (now unused) set to 22
Thanks for the report. This has a security impact as it seems to be rendered as HTML, we're getting a CVE assigned. Please go ahead and submit your fix, we'll get it into 1.6.1.