Overview

CVE-2013-0156 (ActionPack SQL Injection Vulnerability)

There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.

The parameter parsing code of Ruby on Rails allows applications to automatically cast values from strings to certain data types. Unfortunately the type casting code supported certain conversions which were not suitable for performing on user-provided data including creating Symbols and parsing YAML. These unsuitable conversions can be used by an attacker to compromise a Rails application.

This vulnerability affects Puppet Dashboard, which is installed on the console in Puppet Enterprise.

More information can be found in the following post:

Status

  • Hotfixes available for Puppet Enterprise 1.2.5 and 2.7.0

Hotfixes