Description
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.
An input sanitization flaw was found in the id field of the dashboard controller. A user could use this flaw to perform a SQL injection attack on the back-end database.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Ceph Storage 1.3 | foreman | Not affected | | |
| Red Hat Satellite 6.4 for RHEL 7 | ansiblerole-insights-client | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | candlepin | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | createrepo_c | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | foreman | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | foreman-bootloaders-redhat | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | foreman-installer | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | foreman-proxy | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | foreman-selinux | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | gofer | Fixed | RHSA-2018:2927 | 16.10.2018 |
Additional information
Status:
EPSS
6.5 Medium
CVSS3
Related vulnerabilities
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.
An input sanitization flaw was found in the id field in the dashboard ...