Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAE=eJsfopNJPRAyMr_3PmPnk4mfBKkRZKwgqjVKwPmsb4hWwjQ@mail.gmail.com>
Date: Wed, 28 Mar 2018 10:53:44 +0300
From: Tomer Brisker <tbrisker@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Foreman 1.9+ SQL injection in dashboard page

CVE-2018-1096: One of the parameters passed when saving widget positions on
the dashboard was not properly escaped leading to possibility of SQL
injection. Due to the nature of the query, exploitation is limited to
possible information disclosure and does not allow modifications to the
database. The vulnerable endpoint is only available to authenticated users.

Affects Foreman 1.9 and higher.

Patch available at https://github.com/theforeman/foreman/pull/5363
Fix will be released in Foreman 1.16.1.
For more information see: http://projects.theforeman.org/issues/23028

-- 
Have a nice day,
Tomer Brisker
Red Hat Engineering

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.