Date: Mon, 11 Oct 2010 15:28:51 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: CVE request: usebb before 1.0.11 unauthorized access to content ----- "Hanno Böck" <hanno@...eck.de> wrote: > http://www.usebb.net/community/topic.php?id=2501 > > A security issue has been discovered in UseBB 1.0.10 with per forum and > topic RSS feeds in combination with restricted forum access permissions, > giving users access to post contents that should remain hidden. Anyone > having a restricted "read" permission set but NOT an equal or more > restricted "view" one is prone to this issue. > Here is a slightly better description here: http://www.usebb.net/community/topic-2495.html Please use CVE-2010-3713 for this. Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ