oss-sec mailing list archives
CVE Requests for Drupal Core - SA-CORE-2016-004
From: Pere Orga <pere () orga cat>
Date: Wed, 28 Sep 2016 21:51:03 +0200
Hi Please can I have CVE IDs assigned to the following Drupal vulnerabilities (see https://www.drupal.org/SA-CORE-2016-004): Users without "Administer comments" can set comment visibility on nodes they can edit Cross-site Scripting in http exceptions Full config export can be downloaded without administrative permissions Versions affected are all Drupal 8.x versions prior to 8.1.10. Thanks -- Pere Orga on behalf of the Drupal Security team
Current thread:
- CVE Requests for Drupal Core - SA-CORE-2016-004 Pere Orga (Sep 28)
- Re: CVE Requests for Drupal Core - SA-CORE-2016-004 cve-assign (Sep 28)