request #15131 SQL injection in the planning edition panel

Artifact

Infos

Artifact ID#15131

Submitted byThomas Gerbet (tgerbet)

Last Modified On2021-10-18 10:55

Submitted on2020-07-20 10:10

Rank16397

Details

Summary *

SQL injection in the planning edition panel

Original Submission

Tuleap does not sanitize properly user inputs when constructing the SQL query to edit an agile dashboard planning.

Impact

An attacker with admin rights in one agile dashboard service can execute arbitrary SQL queries.
CVSSv3.1 score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Exploitation

Issue can be demonstrated by modifying the column ID of the mapping_field form parameter. For example to generate an SQL error something like mapping_field[56][values][45][] becomes mapping_field[56][values][45)][].

References

CWE-89
OWASP SQL Injection

CVE-2021-41147

CategoryAgile Dashboard

Reported in versionAll

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toThomas Gerbet (tgerbet)

StatusClosed

Close date2020-07-20

Attachments

Connected artifacts

Artifact links

Releases

Fixed in

	Artifact ID	Project	Tracker	Summary	Status	Last Update Date	Submitted By	Assigned to
	rel #14817	Tuleap	Releases	11.17	Delivered	2020-07-23 10:57	Manuel Vacelet (vaceletm)

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

Referencing request #15131

Git commit

tuleap/tuleap/stable

Merge commit 'refs/changes/64/19564/2' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 1157e5d024

Joris MASSON (jmasson) , 2020-07-20 10:53

request #15131: SQL injection in the planning edition panel d6b2f8b8c5

Thomas Gerbet (tgerbet) , 2020-07-20 10:20

Show items referenced by request #15131

Referenced by request #15131

Artifact Tracker v5

rel #14817 11.17

Other

gerrit #19564

Follow-ups

Thomas Gerbet (tgerbet)

2021-10-18 10:55

CVE-2021-41147 has been assigned to this issue.

Original Submission

Something went wrong, the follow up content couldn't be loaded

Only formatting have been changed, you should switch to markup to see the changes

Thomas Gerbet (tgerbet)

2021-10-15 10:31

Public disclosure.

Joris MASSON (jmasson)

2020-07-20 10:55

gerrit #19564 integrated into Tuleap 11.16.99.173

Status changed from Under review to Closed
Connected artifacts
- Added Fixed in: rel #14817
Close date set to 2020-07-20

Thomas Gerbet (tgerbet)

2020-07-20 10:13

Status changed from Under implementation to Under review

Thomas Gerbet (tgerbet)

2020-07-20 10:12

Patch under review: gerrit #19564.