Date: Thu, 9 Jan 2014 06:11:55 -0500 (EST) From: cve-assign@...re.org To: ratulg@...hat.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > The entity module for Drupal > > The module's entity wrapper access API doesn't sufficiently protect > comment, user and node statistics properties from unprivileged user access. Use CVE-2014-1398. > The module's entity wrapper access API doesn't sufficiently check entity > access on referenced entities such as taxonomy terms. Use CVE-2014-1399. (We are interpreting "doesn't sufficiently protect" and "doesn't sufficiently check" as different flaw categories.) > The module's entity_access() API doesn't protect unpublished comments > from being viewed by unprivileged users. Use CVE-2014-1400. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJSzoMZAAoJEKllVAevmvmsO+sH/j/OSRR3n2FzkO3oV7w8MvH9 6kKhqfvft9DftI2AXP2W9/ugRr+RUgf0/8mFk+dJeJ5UMlGn/f8MajDXsSD66mc0 xR1PrAkkTwYiEcnVb/esFEEPoBKiezPRlPbaR1c33cuo82MS+VoUTVQmp3snz5v2 OcSW1AWX/zulIRxjASF/uAKD+HUQLtPf8Fx/0Qh1qFA7jA1A8MGQ94xvXbR+vk9b 3OhMLf1cY8ROG0nO+FSMDVly0InmYqABb9AByHXhf45gu/sCnYrmYxChbyLA8M5P fsEVpDeojUwBOAccJdRqIJZAO+lZ7lcwYVxSgLBCCJ6GiWAcwMZLsVIDbtyZIHc= =QQmr -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ