oss-sec mailing list archives
Re: CVE request for Drupal contributed modules
From: Henri Salo <henri () nerv fi>
Date: Sat, 10 Aug 2013 10:38:30 +0300
On Fri, Aug 09, 2013 at 10:02:59PM -0600, Kurt Seifried wrote:
On 08/09/2013 05:29 PM, Forest Monsen wrote:Hi there, I'd like to request CVE identifiers for... SA-CONTRIB-2013-061 - Flippy - Access Bypass https://drupal.org/node/2054701 SA-CONTRIB-2013-062 - RESTful Web Services (RESTWS) - Access Bypass https://drupal.org/node/2059603 SA-CONTRIB-2013-063 - Authenticated User Page Caching (Authcache) - Information Disclosure https://drupal.org/node/2059589 SA-CONTRIB-2013-064 - Persona - Cross site request forgery (CSRF) https://drupal.org/node/2059599 SA-CONTRIB-2013-065 - Organic Groups - Access Bypass https://drupal.org/node/2059765 SA-CONTRIB-2013-066 - Monster Menus - Multiple Vulnerabilities (Looks like two here: XSS, and an Access Bypass vuln) https://drupal.org/node/2059823 Thanks! Best, ForestYup CVE-2013-4224 SA-CONTRIB-2013-061 - Flippy - Access Bypass CVE-2013-4225 SA-CONTRIB-2013-062 - RESTful Web Services (RESTWS) - Access Bypass CVE-2013-4226 SA-CONTRIB-2013-063 - Authenticated User Page Caching (Authcache) -Information Disclosure CVE-2013-4227 SA-CONTRIB-2013-064 - Persona - Cross site request forgery (CSRF) CVE-2013-4228 SA-CONTRIB-2013-065 - Organic Groups - Access Bypass CVE-2013-4229 SA-CONTRIB-2013-066 - Monster Menus XSS CVE-2013-4230 SA-CONTRIB-2013-066 - Monster Menus Access Bypass
CVE-2013-4187 has been assigned already for SA-CONTRIB-2013-061[1]. CVE-2013-4224 should be REJECTED if I am correct, thanks. 1: http://www.openwall.com/lists/oss-security/2013/08/01/1 --- Henri Salo
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE request for Drupal contributed modules Forest Monsen (Jul 22)
- <Possible follow-ups>
- CVE request for Drupal contributed modules Forest Monsen (Jul 25)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Jul 27)
- CVE request for Drupal contributed modules Forest Monsen (Aug 09)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Aug 09)
- Re: CVE request for Drupal contributed modules Henri Salo (Aug 10)
- Re: CVE request for Drupal contributed modules Forest Monsen (Aug 11)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Aug 12)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Aug 09)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Aug 21)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Sep 26)