Release date:
Updated on:
Affected Systems:
Foreman <1.2.3
Description:
--------------------------------------------------------------------------------
Bugtraq id: 63785
CVE (CAN) ID: CVE-2013-4386
Foreman is a lifecycle management tool for physical and virtual servers.
Foreman 1.2.3 and earlier versions contain multiple SQL injection vulnerabilities in the handling of the host and hostgroup parameters. A remote attacker can exploit them to take control of the affected application and perform unauthorized database operations.
<* Source: Dominic Cleal
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1013076
*>
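The advisory gives no code, so the following is an added Python example, not Foreman's own code (Foreman is a Ruby on Rails application) and not derived from the linked commits. It illustrates the generic defect class the description names: a host/hostgroup lookup that splices request parameters into SQL text, shown beside the parameterized version that fixes it, plus a hostname allowlist check as a second layer. The table layout, sample rows and function names are constructed for the example.

```python
import re
import sqlite3

# Constructed in-memory inventory standing in for a hosts/hostgroups schema.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE hostgroups (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("CREATE TABLE hosts (id INTEGER PRIMARY KEY, name TEXT, hostgroup_id INTEGER)")
    conn.executemany("INSERT INTO hostgroups VALUES (?, ?)", [(1, "web"), (2, "db")])
    conn.executemany(
        "INSERT INTO hosts VALUES (?, ?, ?)",
        [(1, "web01.example.com", 1), (2, "db01.example.com", 2)],
    )
    return conn


BASE_QUERY = (
    "SELECT hosts.name FROM hosts "
    "JOIN hostgroups ON hosts.hostgroup_id = hostgroups.id WHERE "
)


def find_hosts_unsafe(conn, host=None, hostgroup=None):
    """Vulnerable pattern: request parameters are interpolated into SQL text.

    Anything the caller supplies becomes part of the statement, so a value
    containing a quote changes the query's logic instead of being compared."""
    clauses = []
    if host is not None:
        clauses.append(f"hosts.name = '{host}'")
    if hostgroup is not None:
        clauses.append(f"hostgroups.name = '{hostgroup}'")
    where = " AND ".join(clauses) or "1=1"
    return [row[0] for row in conn.execute(BASE_QUERY + where)]


def find_hosts_safe(conn, host=None, hostgroup=None):
    """Fixed pattern: the SQL text is fixed and every value travels as a
    bind parameter, so the driver never treats it as query syntax."""
    clauses, params = [], []
    if host is not None:
        clauses.append("hosts.name = ?")
        params.append(host)
    if hostgroup is not None:
        clauses.append("hostgroups.name = ?")
        params.append(hostgroup)
    where = " AND ".join(clauses) or "1=1"
    return [row[0] for row in conn.execute(BASE_QUERY + where, params)]


# Defence in depth: host and hostgroup names have a narrow legitimate
# alphabet, so reject anything outside it before it reaches the database.
NAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,253})$")


def is_valid_name(value):
    return bool(NAME_RE.match(value))


if __name__ == "__main__":
    db = build_db()
    # Constructed test value: a quote plus a tautology, the simplest input
    # that distinguishes the two query builders.
    probe = "web' OR '1'='1"
    print("unsafe:", find_hosts_unsafe(db, hostgroup=probe))  # both hosts leak
    print("safe:  ", find_hosts_safe(db, hostgroup=probe))    # no such group: []
    print("allowlist rejects probe:", not is_valid_name(probe))
```

The parameterized version is the actual fix; the allowlist only narrows the attack surface and is not a substitute for it. In a Rails code base the same distinction is between building a `where` string by interpolation and passing a hash or bind array to `where`.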
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Foreman
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://github.com/theforeman/foreman
https://github.com/theforeman/foreman/commit/3dd4c0e5 (develop)
https://github.com/theforeman/foreman/commit/a3564bcb (1.3)
https://github.com/theforeman/foreman/commit/911e3f15 (1.2)