Bug 1065396 - (CVE-2017-14807) VUL-1: CVE-2017-14807: studio: SQL injection in ui-server/app/models/diary_entry.rb
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Hardware: Other
OS: Other
Priority: P4 - Low
Severity: Minor
Target Milestone: ---
Assigned To: Security Team bot
Whiteboard: maint:planned:update CVSSv2:NVD:CVE-2...
Depends on:
Reported: 2017-10-27 07:25 UTC by Johannes Segitz
Modified: 2020-02-05 00:39 UTC (History)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Johannes Segitz 2017-10-27 07:25:30 UTC
In self.paginated_search the SQL query is built manually from untrusted input:
      sql += " LOWER(event) LIKE LOWER('#{event.downcase}')"
event is controlled by the user.


As far as I can see the diary is only accessible to the admin. I'm not sure if in the SUSE Studio context 'studio admin' == 'server admin'. If not, we should fix it if we do another update for Studio.
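The following is an added example and not SUSE Studio's code: it places the string-interpolated LIKE clause quoted in the report beside a parameterised equivalent, in plain Ruby with no Rails dependency. The table name `diary_entries`, the `escape_like` helper (a reimplementation of what ActiveRecord's `sanitize_sql_like` does) and the `statement_leaks_input?` check are assumptions made for this example.

```ruby
# Added example, not SUSE Studio code. Table name `diary_entries` is assumed.

# Vulnerable pattern, mirroring the report: the user-controlled `event` value
# is interpolated straight into the SQL text, so any quote in it becomes part
# of the statement rather than part of the data.
def vulnerable_event_clause(event)
  "SELECT * FROM diary_entries WHERE LOWER(event) LIKE LOWER('#{event.downcase}')"
end

# Escape the LIKE metacharacters so user input is matched literally. This
# reimplements the behaviour of ActiveRecord's sanitize_sql_like so the
# example runs without Rails (assumption: backslash is the ESCAPE character).
def escape_like(value, escape_char = "\\")
  value.gsub(/[\\%_]/) { |m| escape_char + m }
end

# Hardened pattern: the SQL text only ever contains a `?` placeholder; the
# value travels separately as a bind parameter, so quotes in it cannot alter
# the statement. Returns [sql, binds], the shape ActiveRecord's
# where(["... LIKE ?", value]) form and prepared-statement APIs consume.
def safe_event_clause(event)
  sql = "SELECT * FROM diary_entries WHERE LOWER(event) LIKE LOWER(?) ESCAPE '\\'"
  [sql, [escape_like(event.downcase)]]
end

# Cheap review/regression check (assumed helper): a correctly parameterised
# statement never contains the raw user input in its text.
def statement_leaks_input?(sql, input)
  sql.include?(input.downcase)
end

if __FILE__ == $0
  # Constructed sample input: an apostrophe is enough to show the difference.
  user_input = "O'Brien's deploy"
  puts vulnerable_event_clause(user_input)   # the quote lands inside the SQL text
  sql, binds = safe_event_clause(user_input)
  puts sql                                    # template unchanged
  p binds                                     # input carried out-of-band
end
```

In a Rails model the same fix is `where(["LOWER(event) LIKE LOWER(?)", sanitize_sql_like(event.downcase)])` in place of the `sql +=` concatenation; the escaping step matters because `%` and `_` in user input would otherwise still widen the pattern even once quoting is no longer a problem.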
Comment 1 Johannes Segitz 2020-01-27 08:52:57 UTC
Studio EOL