oss-sec mailing list archives
Re: CVE request: WordPress 3.1.4 (and 3.2 Release Candidate 3)
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 28 Jan 2013 23:45:24 -0700
On 01/28/2013 01:56 AM, Henri Salo wrote:
Hello,

Vulnerabilities fixed in WordPress 3.1.4[1] do not yet have CVE identifiers. As far as I can tell there are three different issues[2][3][4]. Details of issue OSVDB:73721 from Andrew Nacin below:

Using specially crafted requests under certain conditions, users without the ability to write with unfiltered HTML could add some to a post, and could update posts where they did not have permission to do so.

The relevant changeset is: http://core.trac.wordpress.org/changeset/18368/branches/3.1

1: http://wordpress.org/news/2011/06/wordpress-3-1-4/
2: http://osvdb.org/73721 WordPress Unspecified Access Restriction Bypass
3: http://osvdb.org/73722 WordPress wp-admin/edit-tags.php Multiple Parameter SQL Injection
4: http://osvdb.org/73723 WordPress wp-admin/link-manager.php Multiple Parameter SQL Injection

Please note that these need to be CVE-2011-XXXX, thanks.

-- Henri Salo
Can the WordPress team reply with commentary so I can help make sense of this? thanks.

--
Kurt Seifried
Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993