oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request for Drupal contributed modules

From: Henri Salo <henri () nerv fi>
Date: Sat, 10 Aug 2013 10:38:30 +0300
On Fri, Aug 09, 2013 at 10:02:59PM -0600, Kurt Seifried wrote:

On 08/09/2013 05:29 PM, Forest Monsen wrote:

Hi there,

I'd like to request CVE identifiers for...

SA-CONTRIB-2013-061 - Flippy - Access Bypass 
https://drupal.org/node/2054701

SA-CONTRIB-2013-062 - RESTful Web Services (RESTWS) - Access
Bypass https://drupal.org/node/2059603

SA-CONTRIB-2013-063 - Authenticated User Page Caching (Authcache)
- Information Disclosure https://drupal.org/node/2059589

SA-CONTRIB-2013-064 - Persona - Cross site request forgery (CSRF) 
https://drupal.org/node/2059599

SA-CONTRIB-2013-065 - Organic Groups - Access Bypass 
https://drupal.org/node/2059765

SA-CONTRIB-2013-066 - Monster Menus - Multiple Vulnerabilities 
(Looks like two here: XSS, and an Access Bypass vuln) 
https://drupal.org/node/2059823

Thanks!

Best, Forest



Yup

CVE-2013-4224 SA-CONTRIB-2013-061 - Flippy - Access Bypass

CVE-2013-4225 SA-CONTRIB-2013-062 - RESTful Web Services (RESTWS) -
Access Bypass

CVE-2013-4226 SA-CONTRIB-2013-063 - Authenticated User Page Caching
(Authcache) -Information Disclosure

CVE-2013-4227 SA-CONTRIB-2013-064 - Persona - Cross site request
forgery (CSRF)

CVE-2013-4228 SA-CONTRIB-2013-065 - Organic Groups - Access Bypass

CVE-2013-4229 SA-CONTRIB-2013-066 - Monster Menus XSS

CVE-2013-4230 SA-CONTRIB-2013-066 - Monster Menus Access Bypass


CVE-2013-4187 has been assigned already for SA-CONTRIB-2013-061[1].
CVE-2013-4224 should be REJECTED if I am correct, thanks.

1: http://www.openwall.com/lists/oss-security/2013/08/01/1

---
Henri Salo

Attachment: signature.asc
Description: Digital signature

Previous By Date Next
Previous By Thread Next

Current thread: