Back to bug 1375089
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-09-12 07:24:40 UTC | CC | security-response-team | |
| Adam Mariš | 2016-09-12 07:34:13 UTC | Blocks | 1375092 | |
| Adam Mariš | 2016-09-12 07:35:15 UTC | CC | twade | |
| Adam Mariš | 2016-09-12 07:40:28 UTC | Whiteboard | impact=important,public=no,reported=20160909,source=redhat,cvss2=8.5/AV:N/AC:M/Au:S/C:C/I:C/A:C,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,cfme-5.2/cfme=affected,cfme-5.3/cfme=affected,cfme-5.4/cfme=affected,cfme-5.5/cfme=affected,cfme-5.6/cfme=affected | impact=important,public=no,reported=20160909,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,cfme-5.2/cfme=affected,cfme-5.3/cfme=affected,cfme-5.4/cfme=affected,cfme-5.5/cfme=affected,cfme-5.6/cfme=affected |
| Kurt Seifried | 2016-09-16 17:50:33 UTC | Whiteboard | impact=important,public=no,reported=20160909,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,cfme-5.2/cfme=affected,cfme-5.3/cfme=affected,cfme-5.4/cfme=affected,cfme-5.5/cfme=affected,cfme-5.6/cfme=affected | impact=important,public=no,reported=20160909,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,cfme-5.2/cfme=affected,cfme-5.3/cfme=affected,cfme-5.4/cfme=affected,cfme-5.5/cfme=wontfix,cfme-5.6/cfme=affected |
| Kurt Seifried | 2016-09-16 17:51:08 UTC | Depends On | 1376878 | |
| Kurt Seifried | 2016-10-03 17:37:38 UTC | Doc Text | A input validation flaw was found in the way CloudForms regular expressions passed to the expression engine via bot the JSON API and the web based UI. A user with the ability to view collections and filter them could use this flaw to execute arbitrary shell commands on the host with the privileges of the CloudForms process. | |
| Eric Christensen | 2016-10-03 18:19:14 UTC | Doc Text | A input validation flaw was found in the way CloudForms regular expressions passed to the expression engine via bot the JSON API and the web based UI. A user with the ability to view collections and filter them could use this flaw to execute arbitrary shell commands on the host with the privileges of the CloudForms process. | An input validation flaw was found in the way CloudForms regular expressions passed to the expression engine via the JSON API and the web-based UI. A user with the ability to view collections and filter them could use this flaw to execute arbitrary shell commands on the host with the privileges of the CloudForms process. |
| Kurt Seifried | 2016-10-03 18:28:03 UTC | Doc Text | An input validation flaw was found in the way CloudForms regular expressions passed to the expression engine via the JSON API and the web-based UI. A user with the ability to view collections and filter them could use this flaw to execute arbitrary shell commands on the host with the privileges of the CloudForms process. | An input validation flaw was found in the way CloudForms regular expressions were passed to the expression engine via both the JSON API and the web based UI. A user with the ability to view collections and filter them could use this flaw to execute arbitrary shell commands on the host with the privileges of the CloudForms process. |
| Kurt Seifried | 2016-10-04 17:34:45 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-10-04 13:34:45 UTC | |||
| Kurt Seifried | 2016-10-27 16:43:23 UTC | Whiteboard | impact=important,public=no,reported=20160909,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,cfme-5.2/cfme=affected,cfme-5.3/cfme=affected,cfme-5.4/cfme=affected,cfme-5.5/cfme=wontfix,cfme-5.6/cfme=affected | impact=important,public=20161004,reported=20160909,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,cfme-5.2/cfme=affected,cfme-5.3/cfme=affected,cfme-5.4/cfme=affected,cfme-5.5/cfme=wontfix,cfme-5.6/cfme=affected |
| Kurt Seifried | 2016-10-27 16:43:28 UTC | Summary | EMBARGOED CVE-2016-7040 cfme: Incorrect sanitization in regular expression engine | CVE-2016-7040 cfme: Incorrect sanitization in regular expression engine |
| Kurt Seifried | 2016-10-27 16:43:33 UTC | Group | security, qe_staff | |
| Kurt Seifried | 2016-12-05 16:20:52 UTC | Whiteboard | impact=important,public=20161004,reported=20160909,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,cfme-5.2/cfme=affected,cfme-5.3/cfme=affected,cfme-5.4/cfme=affected,cfme-5.5/cfme=wontfix,cfme-5.6/cfme=affected | impact=important,public=20161004,reported=20160909,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,cfme-5.2/cfme=affected,cfme-5.3/cfme=affected,cfme-5.4/cfme=affected,cfme-5.5/cfme=wontfix,cfme-5.6/cfme=affected,cfme-5.7/cfme=affected |
| Kurt Seifried | 2016-12-05 16:21:41 UTC | Depends On | 1401601 | |
| Product Security DevOps Team | 2019-09-29 13:56:12 UTC | Whiteboard | impact=important,public=20161004,reported=20160909,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,cfme-5.2/cfme=affected,cfme-5.3/cfme=affected,cfme-5.4/cfme=affected,cfme-5.5/cfme=wontfix,cfme-5.6/cfme=affected,cfme-5.7/cfme=affected | |