Date: Fri, 13 Jun 2014 11:30:04 +0200 From: Damien Cauquil <d.cauquil@...dream.com> To: oss-security@...ts.openwall.com Subject: CVE request: Proxmox VE < 3.2 user enumeration vulnerability Hi list, We recently found a vulnerability affecting Proxmox VE < 3.2 that allows an unauthenticated user to perform user enumeration. Vendor was contacted and the vulnerability fixed in Proxmox VE 3.2, released on 2014-03-10. References: * Proxmox related commits: https://git.proxmox.com/?p=pve-access-control.git;a=commit;h=6126ab75a0837298427491ea64b9b2e1139c6ba6 We would like to request 1 CVE for this vulnerability. -- Damien Cauquil R&D Director CHFI | CEH | ECSA | CEI Sysdream 108 avenue Gabriel Péri 93400 Saint Ouen Tel: +33 (0) 1 78 76 58 21 www.sysdream.com
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ