oss-sec mailing list archives
CVE Request: phpbb open redirect
From: Alessandro Ghedini <alessandro () ghedini me>
Date: Tue, 12 May 2015 10:55:59 +0200
Hello, from the phpbb 3.0.14 release highlight:
Security: An insufficient check allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login). Thanks to Mathias Karlsson (avlidienbrunn) for bringing this to our attention.
https://wiki.phpbb.com/Release_Highlights/3.0.14 The patch seems to be this one: https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04 Honestly, there doesn't seem to be much information publicly available, but can a CVE be assigned for this please? Thanks
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE Request: phpbb open redirect Alessandro Ghedini (May 12)
- Re: CVE Request: phpbb open redirect Hanno Böck (May 12)
- Re: CVE Request: phpbb open redirect cve-assign (May 12)