      request #15131 SQL injection in the planning edition panel
    Infos
    #15131
    Thomas Gerbet (tgerbet)
    2021-10-18 10:55
    2020-07-20 10:10
    16254
    Details
    SQL injection in the planning edition panel

    Tuleap does not properly sanitize user input when constructing the SQL query used to edit an agile dashboard planning.

    Impact

    An attacker with admin rights in one agile dashboard service can execute arbitrary SQL queries.
    CVSSv3.1 score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

    Exploitation

    The issue can be demonstrated by modifying the column ID in the mapping_field form parameter. For example, to trigger an SQL error, something like mapping_field[56][values][45][] becomes mapping_field[56][values][45)][].
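
    The following is an added PHP example, not Tuleap's own code: it models the mapping_field parameter as PHP decodes it, contrasts an SQL build that interpolates the request keys with one that validates every id as an integer and uses placeholders, and assumes hypothetical table, column and function names.

```php
<?php
// Added example, not Tuleap's code: models mapping_field[<planning_id>][values][<column_id>][]
// as PHP decodes it into $_POST['mapping_field'], and contrasts an unsafe SQL
// build with a validated one. Table/column names are hypothetical placeholders.

// Constructed inputs: a well-formed request, and the malformed column key from the report.
$goodInput = ['56' => ['values' => ['45' => ['7', '8']]]];
$badInput  = ['56' => ['values' => ['45)' => ['7']]]];

// Unsafe pattern: request array keys are interpolated straight into the SQL text.
function buildUnsafeSql(array $mappingField): string
{
    $sql = '';
    foreach ($mappingField as $planningId => $mapping) {
        foreach ($mapping['values'] as $columnId => $valueIds) {
            $sql .= "DELETE FROM planning_mapping WHERE planning_id = $planningId"
                  . " AND column_id = $columnId;\n";
        }
    }
    return $sql;
}

// Hardened pattern: every id is checked to be an integer before use, and the
// query itself only carries placeholders, so request data never enters the SQL text.
function validateMappingField(array $mappingField): array
{
    $rows = [];
    foreach ($mappingField as $planningId => $mapping) {
        foreach ($mapping['values'] ?? [] as $columnId => $valueIds) {
            foreach ((array) $valueIds as $valueId) {
                foreach ([$planningId, $columnId, $valueId] as $id) {
                    if (filter_var($id, FILTER_VALIDATE_INT) === false) {
                        throw new InvalidArgumentException("Rejected non-integer id: $id");
                    }
                }
                $rows[] = [(int) $planningId, (int) $columnId, (int) $valueId];
            }
        }
    }
    return $rows;
}
const SAFE_SQL = 'INSERT INTO planning_mapping (planning_id, column_id, value_id) VALUES (?, ?, ?)';

echo buildUnsafeSql($badInput);   // the ")" from the key ends up inside the WHERE clause
try {
    validateMappingField($badInput);  // throws: the "45)" key is not an integer
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
foreach (validateMappingField($goodInput) as $row) {
    echo SAFE_SQL, '  <- ', implode(', ', $row), "\n";  // real code: $pdo->prepare(SAFE_SQL)->execute($row)
}
```

    The detection-side takeaway is the same check: a planning or column id in this parameter that is not a plain integer should be rejected (and is worth logging) before any query is built.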

    References

    CWE-89
    OWASP SQL Injection

    CVE-2021-41147

    Agile Dashboard
    All
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2020-07-20