
security: Fix some reported security issues #4807

Merged: laf merged 3 commits into librenms:master from laf:cleanup-input-functions on Oct 15, 2016

Conversation

@laf (Member) commented Oct 15, 2016

Please note

Please read this information carefully. You can run ./scripts/pre-commit.php to check your code before submitting.

Introduce two new functions to help clean up user input and display it.

A big thank you for the two responsible disclosure reports we've had.

Jaspher Respicio (Twitter: @Jaspher):

  • XSS within the dashboard widget titles and notes widget.
  • XSS from port descriptions; this could be triggered by updating interface descriptions directly on the devices or via the override within the WebUI.

Fatih Acar (gandi.net):

  • Pre-auth SQL injection vulnerability using the default MySQL auth (other auth modules unaffected).
  • Remote command execution using netcmd.php
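As an added example (not code from this PR or from LibreNMS), here is a pair of helpers of the kind the description refers to: one that cleans untrusted input before it is stored and one that escapes it when it is rendered. The function names, the control-character regex and the sample port description and widget values are assumptions. The point the fourth sample makes is that cleaning on input is only defence in depth: a port description written to a device before the fix is already in the database and never passes through the cleaner, so the escaping at output is the control that actually stops the XSS.

```php
<?php
// Added example, not LibreNMS's own code. Two helpers in the shape the PR
// description outlines: clean_input() for data on its way in, display_html()
// for data on its way out. Names, regex and sample values are assumptions.

/**
 * Clean a string from an untrusted source (a web form, or a device's SNMP
 * ifAlias/ifDescr collected by the poller) before storing it: drop HTML
 * tags and C0 control characters, trim surrounding whitespace.
 * Defence in depth only; the stored value must still be escaped on output.
 */
function clean_input(string $value): string
{
    $value = strip_tags($value);
    // Remove control characters except tab, LF and CR.
    $value = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $value);
    return trim($value);
}

/**
 * Escape a string for use as HTML text or inside a quoted attribute.
 * ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
 * UTF-8 instead of returning an empty string (which would silently
 * blank a field).
 */
function display_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Render one table cell the way a widget or port list might. */
function render_cell(string $stored): string
{
    $h = display_html($stored);
    return '<td title="' . $h . '">' . $h . '</td>';
}

// Constructed samples standing in for attacker-controlled values.
$samples = [
    'port description (set on the device)' => 'uplink <script>alert(document.cookie)</script> to core',
    'widget title (typed into the WebUI)'  => '" onmouseover="alert(1)" x="',
    'notes widget'                          => "Rack 3\x00<img src=x onerror=alert(1)>",
    // A value stored BEFORE any input cleaning existed: it never goes
    // through clean_input(), so only display_html() protects the page.
    'legacy row already in the database'   => '<svg onload=alert(1)>',
];

foreach ($samples as $label => $raw) {
    $stored = strpos($label, 'legacy') === 0 ? $raw : clean_input($raw);
    echo $label, "\n";
    echo '  raw:    ', $raw, "\n";
    echo '  stored: ', $stored, "\n";
    echo '  html:   ', render_cell($stored), "\n\n";
}
```

Because port descriptions arrive from the devices rather than from a form, the cleaning call has to sit in the poller path as well as behind the WebUI override, and every template that prints the stored value has to go through the escaping helper. Neither helper does anything for the SQL injection or command execution items in the report; those need parameterised queries and argument escaping of their own.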
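For the SQL injection and command execution items, the following is an added, generic illustration of the hardening each class needs; it is not the project's code and not the inputs from the disclosure reports, which the PR does not publish. The users table, the function names and the sample host values are assumptions, and PDO on an in-memory SQLite database stands in for MySQL so the script runs stand-alone.

```php
<?php
// Added example, not LibreNMS's own code: generic hardening for the other
// two bug classes in the report (an injectable login lookup and a shell
// command built from a user-supplied host). Schema, function names and
// sample inputs are assumptions; PDO on an in-memory SQLite database stands
// in for MySQL so the script runs stand-alone. The payloads are textbook
// illustrations, not the inputs from the disclosure reports.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO users (username, password) VALUES (?, ?)')
   ->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Vulnerable: the username is spliced into the SQL text, so a crafted
// value changes the query's structure before any password check runs.
function find_user_unsafe(PDO $db, string $username): ?array
{
    $sql = "SELECT user_id, username, password FROM users WHERE username = '$username'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened: the value travels as a bound parameter and is never parsed as SQL.
function find_user_safe(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT user_id, username, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$payload = "x' OR '1'='1";
$unsafe  = find_user_unsafe($db, $payload);
$safe    = find_user_safe($db, $payload);
echo 'unsafe lookup returned: ', $unsafe ? $unsafe['username'] . ' (row and hash leaked)' : 'nothing', "\n";
echo 'safe lookup returned:   ', $safe ? $safe['username'] : 'nothing', "\n";

// Command construction: escapeshellarg() keeps the value inside a single
// argument, and the allow-list rejects anything that is not a host name or
// IP address, which also blocks option injection (values starting with "-").
function is_valid_host(string $host): bool
{
    $label = '(?!-)[A-Za-z0-9-]{1,63}(?<!-)';
    $dns   = "/\\A(?=.{1,253}\\z)$label(?:\\.$label)*\\z/";
    return preg_match($dns, $host) === 1
        || filter_var($host, FILTER_VALIDATE_IP) !== false;
}

function build_ping_command(string $host): string
{
    if (!is_valid_host($host)) {
        throw new InvalidArgumentException("invalid host: $host");
    }
    return 'ping -c 1 ' . escapeshellarg($host);
}

foreach (['router1.example.net', '10.0.0.1', '127.0.0.1; id', '-f 127.0.0.1'] as $h) {
    try {
        echo build_ping_command($h), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The unsafe lookup hands back the admin row (hash included) for a username that does not exist, which is why the report calls it pre-auth: the injection fires before any credential is checked. The allow-list check matters even with escapeshellarg(), because quoting stops shell metacharacters but not an argument such as `-f` being interpreted by the command itself.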
@scrutinizer-notifier commented Oct 15, 2016

The inspection completed: 2 updated code elements

@laf merged commit a2f2ccf into librenms:master on Oct 15, 2016
1 check passed: continuous-integration/travis-ci/pr (the Travis CI build passed)
@laf deleted the laf:cleanup-input-functions branch on Oct 15, 2016
bob-beck pushed a commit to openbsd/ports that referenced this pull request Oct 21, 2016
hakrdinesh pushed a commit to hakrtech/openbsd-ports0-test that referenced this pull request Jan 16, 2018
@lock lock bot locked as resolved and limited conversation to collaborators Jan 21, 2019