Date: Thu, 19 Apr 2018 14:30:49 -0700
From: Ed Cable <edcable@...os.org>
To: user@...eract.apache.org, Dev <dev@...eract.apache.org>, 
	oss-security@...ts.openwall.com, security <security@...che.org>, 
	圆珠笔 <627963028@...com>
Subject: [SECURITY] CVE-2018-1289: Apache Fineract SQL Injection Vulnerability by orderBy and sortOrder parameters

Severity: Critical

Vendor:
The Apache Software Foundation

Versions Affected:
Apache Fineract 1.0.0
Apache Fineract 0.6.0-incubating
Apache Fineract 0.5.0-incubating
Apache Fineract 0.4.0-incubating

Description:
Apache Fineract exposes various REST endpoints for querying domain-specific
entities that accept the query parameters 'orderBy' and 'sortOrder', which
are appended directly to SQL statements. A user can craft the 'orderBy' and
'sortOrder' query parameters so as to read or update data for which they do
not have authorization.
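The flaw described above is the classic ORDER BY injection: sort columns and directions cannot be passed as bind parameters (a bound value becomes a constant, not a column reference), so the only safe approach is to map the incoming parameter onto a fixed allowlist of column names and directions. The following Python example, added here for illustration and not taken from Fineract's code base, shows a query builder with the pattern the advisory describes beside a hardened builder; the `clients` table, its rows and the allowlists are constructed for the example.

```python
import sqlite3

# Constructed allowlists: the only identifiers the API may place in ORDER BY.
# Keys are the values accepted from the client, values are the SQL fragments.
ALLOWED_ORDER_BY = {"id": "id", "name": "name", "created_on": "created_on"}
ALLOWED_SORT_ORDER = {"asc": "ASC", "desc": "DESC"}


def build_query_vulnerable(order_by, sort_order):
    # Pattern described in the advisory: caller-controlled strings are
    # concatenated straight into the SQL text, so whatever the client sends
    # becomes part of the statement.
    return f"SELECT id, name FROM clients ORDER BY {order_by} {sort_order}"


def build_query_hardened(order_by="id", sort_order="asc"):
    # Map client input onto the allowlist; anything else is rejected outright.
    column = ALLOWED_ORDER_BY.get(order_by)
    direction = ALLOWED_SORT_ORDER.get((sort_order or "asc").lower())
    if column is None or direction is None:
        raise ValueError("unsupported orderBy or sortOrder parameter")
    # Only values taken from the allowlist dictionaries reach the SQL text.
    return f"SELECT id, name FROM clients ORDER BY {column} {direction}"


def hardened_rejects(order_by, sort_order):
    # True if the hardened builder refuses the given parameter pair.
    try:
        build_query_hardened(order_by, sort_order)
    except ValueError:
        return True
    return False


def make_demo_db():
    # Constructed in-memory table standing in for a Fineract-style entity.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE clients (id INTEGER PRIMARY KEY, name TEXT, created_on TEXT)"
    )
    conn.executemany(
        "INSERT INTO clients VALUES (?, ?, ?)",
        [(1, "Alice", "2018-01-03"), (2, "Bob", "2018-01-01"), (3, "Carol", "2018-01-02")],
    )
    return conn


def query_clients(conn, order_by, sort_order):
    # Endpoint-style helper: validates the sort parameters, then runs the query
    # and returns the client names in the requested order.
    sql = build_query_hardened(order_by, sort_order)
    return [row[1] for row in conn.execute(sql)]


if __name__ == "__main__":
    conn = make_demo_db()
    print(query_clients(conn, "created_on", "asc"))
    print(hardened_rejects("name -- injected", "asc"))
```

The hardened builder never interpolates the raw request value, only the allowlist entry it maps to, so an unexpected `orderBy` results in a 4xx-style validation error rather than an altered query. The same check should live in one shared helper so every endpoint that accepts these parameters uses it.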

Mitigation:
All users should migrate to Apache Fineract version 1.1.0:
https://github.com/apache/fineract/tree/1.1.0


Credit:
This issue was discovered by 圆珠笔 (627963028@...com)

References:
http://fineract.apache.org/
https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report

Regards,
Apache Fineract Team
