Fixed
Details
Assignee
Seth LegerSeth LegerReporter
Seth LegerSeth LegerComponents
Sprint
NoneFix versions
Affects versions
Priority
Blocker
Details
Details
Assignee
Seth Leger
Seth LegerReporter
Seth Leger
Seth LegerComponents
Sprint
None
Fix versions
Affects versions
Priority
BlockerPagerDuty
PagerDuty
PagerDuty
Created June 28, 2017 at 3:14 PM
Updated September 7, 2017 at 5:22 PM
Resolved July 17, 2017 at 8:33 PM
The RESTv1 service supports a "query" parameter that can be used for SQL injection. This parameter is mentioned in the docs but should probably be removed anyway since it can be used for injection.
https://docs.opennms.org/opennms/releases/20.0.0/guide-development/guide-development.html#_alarms