Actions
Bug #23028
closed
CVE-2018-1096: SQL injection in dashboard controller
Difficulty:
Triaged:
Description
Widget id is not properly escaped for save_positions action on the dashboard, leading to SQL injection possibility.
This only allows injecting conditions to the select conditions, as it is a prepared query it does not allow executing additional commands.
It is only available to authenticated users.
This issue was reported by Martin Povolný from Red Hat.
Updated by Tomer Brisker about 6 years ago
- Related to Refactor #8106: Save dashboard widgets in DB to increase flexibility added
Updated by Tomer Brisker about 6 years ago
- Subject changed from SQL injection in dashboard controller to CVE-2018-1096: SQL injection in dashboard controller
- Private changed from Yes to No
Updated by The Foreman Bot about 6 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/5363 added
Updated by Tomer Brisker about 6 years ago
- translation missing: en.field_release set to 332
Updated by The Foreman Bot about 6 years ago
- Pull request https://github.com/theforeman/foreman/pull/5364 added
Updated by The Foreman Bot about 6 years ago
- Pull request https://github.com/theforeman/foreman/pull/5365 added
Updated by Martin Povolny about 6 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 274665e24373de670a9107d4565c10ec41dd5f65.
Actions