oss-sec mailing list archives
CVE request: Trac Ticket Modification Workflow Permission Restriction Bypass
From: Henri Salo <henri () nerv fi>
Date: Mon, 11 Feb 2013 13:12:58 +0200
Hello,
From Secunia: A security issue has been reported in Trac, which can be exploited by malicious users to bypass certain security restrictions.

The security issue is caused due to the application not properly checking workflow permissions before modifying a ticket, which can be exploited to change the status and resolution of tickets without having proper permissions.

http://secunia.com/advisories/39123/
http://osvdb.org/show/osvdb/63317

The security issue is reported in versions prior to 0.11.7.
http://trac.edgewall.org/wiki/ChangeLog#a0.11.7

Could you assign CVE-2010-XXXX, thank you. Please double verify this hasn't been assigned. I tried my best to avoid duplicates :)

--
Henri Salo