oss-sec mailing list archives

Multiple SQL injection vulnerabilities in the puppetclass.rb and search.rb scripts in Foreman 1.0.1


From: Amos Benari <abenari () redhat com>
Date: Thu, 20 Dec 2012 05:35:59 -0500 (EST)

Multiple SQL injection vulnerabilities in the puppetclass.rb and search.rb scripts in Foreman 1.0.1 allow remote attackers to execute arbitrary SQL commands via multiple parameters. These issues have been assigned the identifier CVE-2012-5648. Source code updates are available at:
https://github.com/theforeman/foreman/commit/387b764b614170f23b3552aca498612e341652db
The issue is now solved in Foreman 1.0.2.

