Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #9204 SQL injections in CVS module
    Actions
    Infos
    #9204
    Thomas Gerbet (tgerbet)
    2016-05-31 14:35
    2016-05-30 11:56
    9489
    Details
    SQL injections in CVS module

    Tuleap does not sanitize properly user inputs when constructing SQL queries in the CVS module.

    Impact

    An authenticated attacker could execute arbitrary SQL queries.
    CVSSv3 score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

    Proof of concept

    One of the possible way to demonstrate the vulnerabilities is with the page <tuleap_url>/cvs/viewvc.php is exploitable via the parameter root.

    The vulnerability can be demonstrated by putting ' in the parameter, when the vulnerability is present a notice will be raised.

    References

    https://cwe.mitre.org/data/definitions/89.html
    https://www.owasp.org/index.php/SQL_Injection

    SCM/CVS
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2016-05-31
    Attachments
    Artifact links
    Empty
    Empty
    References
    Referencing request #9204

    Artifact Tracker v5

    rel #8983 8.16
    request #9361 CVS search by commiter does not work

    Git commit

    tuleap/tuleap/stable

    request #9204: Fix SQL injections in CVS d34e09a753
    User avatar Thomas Gerbet (tgerbet) , 2016-05-30 14:49
    Referenced by request #9204

    Other

    gerrit #5804
    Display settings

    Follow-ups