      request #15028 The update of the CI job targeted by a widget is vulnerable to blind SQL injections
    Infos
    #15028
    Thomas Gerbet (tgerbet)
    2021-10-18 11:01
    2020-06-26 15:10
    16283
    Details
    The update of the CI job targeted by a widget is vulnerable to blind SQL injections

    Tuleap does not properly sanitize user input when constructing the SQL query that updates the continuous integration job targeted by one of the widgets.

    Impact

    An attacker able to add one of the CI widgets to their personal dashboard could execute arbitrary SQL queries.
    CVSSv3.1 score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

    Exploitation

    The issue can be demonstrated by adding one of the CI widgets to a personal dashboard, editing it, setting the value to submit to something like (SELECT BENCHMARK(50000000,ENCODE('MSG','Slow'))) and submitting. You will notice an unexpected slowness.
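
The flaw class described above, as an added example that is not Tuleap's code (the page does not show the affected query): it contrasts an UPDATE built by string concatenation with one that validates the job id and binds it as a parameter. The table `widget_ci_job`, its columns, the function names and the harmless `(SELECT 40 + 2)` input are assumptions constructed for illustration, and SQLite stands in for the production database.

```python
import re
import sqlite3

def make_db():
    # Constructed stand-in schema; names are assumptions, not Tuleap's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE widget_ci_job (widget_id INTEGER PRIMARY KEY, job_id INTEGER)")
    db.execute("INSERT INTO widget_ci_job VALUES (1, 10)")
    return db

def update_job_concatenated(db, widget_id, job_id):
    # Vulnerable pattern: the submitted value becomes part of the SQL text,
    # so the database parses it as an expression instead of treating it as data.
    db.execute(f"UPDATE widget_ci_job SET job_id = {job_id} WHERE widget_id = {widget_id}")

def update_job_bound(db, widget_id, job_id):
    # Hardened pattern: enforce the expected type first, then bind parameters
    # so the value can never change the structure of the statement.
    if not re.fullmatch(r"[0-9]+", str(job_id)):
        raise ValueError("job_id must be a non-negative integer")
    db.execute("UPDATE widget_ci_job SET job_id = ? WHERE widget_id = ?",
               (int(job_id), widget_id))

def stored_job(db, widget_id=1):
    row = db.execute("SELECT job_id FROM widget_ci_job WHERE widget_id = ?",
                     (widget_id,)).fetchone()
    return row[0]

def demo():
    # Constructed, harmless expression with the same shape as the value in the report.
    submitted = "(SELECT 40 + 2)"

    db = make_db()
    update_job_concatenated(db, 1, submitted)
    evaluated = stored_job(db)  # the database computed the expression

    db = make_db()
    try:
        update_job_bound(db, 1, submitted)
        rejected = False
    except ValueError:
        rejected = True
    return evaluated, rejected, stored_job(db)

if __name__ == "__main__":
    print(demo())
```

A stored value that differs from the submitted text, as in the first case, is the sign that the database executed the input; with validation and binding the row keeps its original job id.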

    References

    CWE-89
    https://www.owasp.org/index.php/SQL_Injection

    CVE-2021-41148

    Continuous Integration
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2020-06-26

    Follow-ups

    Thomas Gerbet (tgerbet) 2021-10-18 11:01

    CVE-2021-41148 has been assigned to this issue.


    Thomas Gerbet (tgerbet) 2020-06-26 15:30
    Patch under review: gerrit #19367.

    • Summary
      -Updating the CI job targeted by a widget is vulnerable to blind SQL injections 
      +The update of the CI job targeted by a widget is vulnerable to blind SQL injections 
    • Status changed from Under implementation to Under review