Date: Fri, 18 Apr 2008 19:51:27 +0200
From: Florian Weimer <fw@...eb.enyo.de>
To: coley@...us.mitre.org, oss-security@...ts.openwall.com
Subject: CSRF vulnerability in ikiwiki

This is:

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445>

Steven, could we get a CVE, please?  Full description follows (version
1.33.5 has not yet been released, but will follow once I've got a CVE 8-).

## Cross Site Request Forging

Cross Site Request Forging could be used to construct a link that would
change a logged-in user's password or other preferences if they clicked on
the link. It could also be used to construct a link that would cause a wiki
page to be modified by a logged-in user.

These holes were discovered on 10 April 2008 and fixed the same day with
the release of ikiwiki 2.42. A fix was also backported to Debian etch, as
version 1.33.5. I recommend upgrading to one of these versions.
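The advisory describes the classic CSRF pattern: a logged-in user's browser attaches the session cookie to any request, so a state-changing endpoint that trusts the cookie alone can be driven by a link the victim merely follows. The following is an added illustration and not ikiwiki's code (ikiwiki is written in Perl; this is a self-contained Python model with an assumed in-memory session store and assumed handler signatures). It places a "before" preferences handler that accepts a password change on the strength of the session cookie next to a hardened one that requires POST and a per-session anti-CSRF token, which is the standard mitigation for this class of bug.

```python
import hmac
import secrets

# Constructed in-memory state for the demo (assumption: single process,
# not ikiwiki's real session or user storage).
SESSIONS = {}   # session_id -> {"user": name, "csrf_token": token}
PASSWORDS = {}  # user name -> current password


def login(user, password):
    """Register the user (if new) and open a session; returns the session id.

    The session id is what the browser later sends back as a cookie, and
    the csrf_token is what only the site's own forms can embed.
    """
    PASSWORDS.setdefault(user, password)
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    """Token the legitimate preferences form carries in a hidden field."""
    return SESSIONS[sid]["csrf_token"]


def change_password_vulnerable(method, cookies, params):
    """'Before' handler modelling the reported hole.

    Only the session cookie is checked and any HTTP method is accepted, so
    a request the browser was steered into (cookie attached automatically,
    parameters chosen by someone else) succeeds just like a real one.
    Returns an HTTP-style status code.
    """
    sess = SESSIONS.get(cookies.get("session"))
    if sess is None:
        return 403
    PASSWORDS[sess["user"]] = params["password"]
    return 200


def change_password_hardened(method, cookies, params):
    """'After' handler: POST only, plus a per-session anti-CSRF token.

    A third-party page cannot read the victim's token, so it cannot forge a
    request that passes this check. compare_digest avoids a timing side
    channel on the token comparison.
    """
    if method != "POST":
        return 405
    sess = SESSIONS.get(cookies.get("session"))
    if sess is None:
        return 403
    supplied = params.get("csrf_token", "")
    expected = sess["csrf_token"]
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403
    PASSWORDS[sess["user"]] = params["password"]
    return 200


if __name__ == "__main__":
    sid = login("demo", "original")
    browser_cookies = {"session": sid}  # sent automatically on every request
    # Request with the victim's cookie but no token, as a steered GET would be.
    print("vulnerable:", change_password_vulnerable("GET", browser_cookies, {"password": "x"}))
    print("hardened  :", change_password_hardened("GET", browser_cookies, {"password": "x"}))
    # Legitimate form submission carrying the site-issued token.
    print("legit     :", change_password_hardened("POST", browser_cookies,
          {"password": "y", "csrf_token": csrf_token_for(sid)}))
```

The hardened handler still relies on the token being unguessable and per session; reusing one global token, or leaking it to a page an attacker controls, would defeat the check. Rejecting non-POST methods is not a substitute for the token, since a cross-site form can submit a POST just as easily as a link issues a GET.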
