Input Sanitization Flaw in Foreman Dashboard Controller by Red Hat
CVE-2018-1096

6.5MEDIUM

Key Information:

Vendor

Foreman Project

Status
Foreman
Vendor
CVE Published:
5 April 2018

What is CVE-2018-1096?

An input sanitization flaw exists in the id field within the dashboard controller of Foreman. This vulnerability allows attackers to craft malicious inputs, potentially facilitating SQL injection attacks against the backend database. Such exploitation could lead to unauthorized access to sensitive data or manipulation of backend operations, emphasizing the necessity of proper input validation to secure applications.

Affected Version(s)

Foreman before 1.16.1

References

https://access.redhat.com/errata/RHSA-2018:2927
vendor-advisoryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1561061
x_refsource_CONFIRM
http://projects.theforeman.org/issues/23028
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.