Описание
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2013-2121
- https://access.redhat.com/errata/RHEA-2014:1175
- https://access.redhat.com/errata/RHSA-2013:0995
- https://access.redhat.com/security/cve/CVE-2013-2121
- https://bugzilla.redhat.com/show_bug.cgi?id=966804
- https://bugzilla.redhat.com/show_bug.cgi?id=968166
- https://groups.google.com/forum/#!topic/foreman-users/6WpO_3ugiXU
- https://groups.google.com/forum/#%21topic/foreman-users/6WpO_3ugiXU
- http://projects.theforeman.org/issues/2631
- http://rhn.redhat.com/errata/RHSA-2013-0995.html
- http://www.exploit-db.com/exploits/27045
Связанные уязвимости
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
Eval injection vulnerability in the create method in the Bookmarks con ...