Red Hat Bugzilla – Bug 1013076
CVE-2013-4386 Foreman: host and host group parameter SQL injection
Last modified: 2016-04-26 13:25:04 EDT
Dominic Cleal of Red Hat reported an SQL injection vulnerability in
Host and host group parameter overrides (lookup_values) use a hand-crafted SQL
query to associate the host or host group with the lookup_value object, because
it searches for lookup_values using the "fqdn=foo.example.com" or "hostgroup=Foo"
matcher syntax. The association calls a method on the host or host group to
obtain the matcher string, then puts the response straight into the SQL query
without escaping or parameterisation. By changing the host's FQDN or the host
group's label, arbitrary SQL can be injected.
This issue was discovered by Dominic Cleal of Red Hat.
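The following Ruby snippet is an added illustration of the flaw class described above; it is not Foreman's code and does not reproduce the project's actual query. It contrasts a matcher query built by string interpolation (the pattern this bug describes) with a parameterised form whose SQL text is constant regardless of input, and adds an input-validation check in front of it. The function names, the `lookup_values`/`match` column names and the hostname pattern are assumptions chosen for the example, and the sample FQDN values are constructed.

```ruby
# Added example (not Foreman's code): why interpolating a host's FQDN or a host
# group's label into SQL is dangerous, and what the hardened form looks like.

# VULNERABLE: the host-supplied matcher strings become part of the SQL text,
# so a value containing a quote changes the structure of the query.
def lookup_values_sql_vulnerable(fqdn, hostgroup_label)
  "SELECT * FROM lookup_values WHERE match = 'fqdn=#{fqdn}' " \
    "OR match = 'hostgroup=#{hostgroup_label}'"
end

# HARDENED: the SQL text is fixed and contains only placeholders; the matcher
# strings travel separately as bind values, so the database treats them as
# data no matter what characters they contain.
def lookup_values_sql_safe(fqdn, hostgroup_label)
  sql = "SELECT * FROM lookup_values WHERE match = ? OR match = ?"
  [sql, ["fqdn=#{fqdn}", "hostgroup=#{hostgroup_label}"]]
end

# Defence in depth (assumed pattern, not Foreman's own validation): an FQDN is
# dot-separated labels of letters, digits and hyphens, at most 253 chars.
HOSTNAME_RE = /\A[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*\z/i
# Host group labels: word characters, dots, hyphens, spaces and slashes
# (an assumption for this example).
LABEL_RE = /\A[\w.\- \/]{1,255}\z/

def valid_fqdn?(fqdn)
  fqdn.is_a?(String) && fqdn.length <= 253 && HOSTNAME_RE.match?(fqdn)
end

def valid_label?(label)
  label.is_a?(String) && LABEL_RE.match?(label)
end

# Validates the inputs first, then returns the parameterised query and binds.
def lookup_values_query_for(fqdn, hostgroup_label)
  raise ArgumentError, "invalid FQDN: #{fqdn.inspect}" unless valid_fqdn?(fqdn)
  raise ArgumentError, "invalid host group label" unless valid_label?(hostgroup_label)
  lookup_values_sql_safe(fqdn, hostgroup_label)
end

# Constructed sample values for a stand-alone run.
BENIGN_FQDN = "web01.example.com"
INJECTING_FQDN = "web01.example.com' OR '1'='1"   # constructed, contains a quote

if __FILE__ == $PROGRAM_NAME
  puts lookup_values_sql_vulnerable(BENIGN_FQDN, "Base")
  puts lookup_values_sql_vulnerable(INJECTING_FQDN, "Base")   # query structure changes
  sql, binds = lookup_values_sql_safe(INJECTING_FQDN, "Base")
  puts sql                                                    # unchanged text
  p binds                                                     # quote stays inside the data
  begin
    lookup_values_query_for(INJECTING_FQDN, "Base")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The invariant worth checking in a review is the one the hardened builder satisfies: the SQL text must be identical for every input, with the host-derived strings present only in the bind list. The validation layer is a second, independent barrier; it is not a substitute for parameterisation, since labels legitimately used by an installation may need characters that a strict pattern would reject.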
Foreman 1.2.3 has been released to fix this issue:
This issue has been addressed in the following products:
OpenStack 3 for RHEL 6
Via RHSA-2013:1522 https://rhn.redhat.com/errata/RHSA-2013-1522.html