Date: Mon, 13 Apr 2015 02:25:10 -0400 (EDT)
From: cve-assign@...re.org
To: mattd@...fuzz.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request / Advisory: Floating Social Bar (Wordpress plugin) 1.0.1 - 1.1.6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I'd like to request a CVE ID for this issue. This is the first such
> request; this message serves as an advisory as well.
> 
> Affected software: Floating Social Bar (Wordpress plugin)
> Affected versions: 1.0.1 - 1.1.6
> Website: https://wordpress.org/plugins/floating-social-bar/
> 
> Description: One of the plugin's unauthenticated AJAX action handlers
> is vulnerable to a stored cross-site scripting vulnerability. By
> invoking the action with certain parameters, it is possible for
> unauthenticated attackers to force the persistent injection of
> arbitrary script across the site's post pages.
> 
> Fixed version: 1.1.7
> Fix: https://plugins.trac.wordpress.org/changeset/1129648/floating-social-bar/trunk
> Changelog: https://plugins.trac.wordpress.org/changeset/1129648/floating-social-bar/trunk#file5

Use CVE-2015-3299 for the specific issue in your "Description" section
above. It seems conceivable that 1129648 also fixed something else,
e.g.,

  1. Maybe the
     "-     add_action( 'wp_ajax_nopriv_fsb_save_order', array( $this, 'save_order' ) );"

     code change means that wp_ajax_nopriv_fsb_save_order allowed
     bypassing intended access control, even if the attacker did not
     supply an XSS payload.

  2. Maybe the patched code can help to prevent a CSRF attack against
     an authenticated action handler.

If so, then additional CVE IDs would be needed.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVK2CbAAoJEKllVAevmvmsv8AH/3+lUbuTvK0BVSLHJ7UTXyyq
OXoj6s5bcx9o7N9pdGXfEfop9Uwq8T6l1sytFJ/btjJLo+H2k0wyqknz3INTw8pI
e0Vdd6eGOfBx6x/IUJDDV5biuTHG5/SVIYNghy0o6CWg5ihrDLA0UJ9u/7sdMZg8
lyHYE19RkzuQQrq1Ix/WVQiCqUxo1cwseFQFRTz87qiuvJNaB3aBdrsXAvydB9uA
TCmkLGTkZ9C1DiqlzAwSlsTooscNEy0kYLnoBxDhSO548x9GtrkB9EIVn5l36Zo9
5RGsz2MCxXrl1KafKY5R+e1czypYgkhIn7c+U80FGv5kMt7F0yQceq7mqEn674E=
=yUNM
-----END PGP SIGNATURE-----
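The handler shape the advisory describes, and the two follow-up questions MITRE raises, as an added example that is not code from the Floating Social Bar plugin or its changeset: a hypothetical WordPress plugin whose AJAX "save order" handler is shown first in the vulnerable form (reachable through a wp_ajax_nopriv_ hook, no nonce, no capability check, unsanitized value stored persistently and echoed unescaped into post content) and then hardened against each of the three issues MITRE separates out: unauthenticated reachability, CSRF against the authenticated handler, and the stored XSS itself. Every xsb_ name, the option key, the POST parameter and the allowed-service list are assumptions; the file assumes it is loaded as a WordPress plugin, and the vulnerable half is kept behind a constant so that activating the file does not ship the flaw.

```php
<?php
/*
 * Plugin Name: XSB AJAX handler example (added illustration, not the real plugin)
 * All xsb_* names, option keys and parameters below are hypothetical.
 */

/* ---- Vulnerable shape (guarded so it never runs by default) ---- */
if ( defined( 'XSB_SHOW_VULNERABLE' ) && XSB_SHOW_VULNERABLE ) {

	// Registering the nopriv hook makes the handler reachable by logged-out visitors.
	add_action( 'wp_ajax_xsb_save_order',        'xsb_save_order_vulnerable' );
	add_action( 'wp_ajax_nopriv_xsb_save_order', 'xsb_save_order_vulnerable' );

	function xsb_save_order_vulnerable() {
		// No nonce, no capability check, no sanitization: the POSTed value is
		// stored persistently and later echoed into every post page.
		update_option( 'xsb_order', $_POST['order'] );
		wp_die();
	}

	add_filter( 'the_content', 'xsb_render_vulnerable' );
	function xsb_render_vulnerable( $content ) {
		// Attacker-controlled option written into an attribute without escaping.
		return '<div class="xsb" data-order="' . get_option( 'xsb_order' ) . '"></div>' . $content;
	}

/* ---- Hardened shape ---- */
} else {

	// 1. Only authenticated users can reach the handler: no wp_ajax_nopriv_ hook.
	add_action( 'wp_ajax_xsb_save_order', 'xsb_save_order_hardened' );

	// The admin page that issues the request embeds a nonce bound to the action.
	function xsb_enqueue_admin_js() {
		wp_enqueue_script( 'xsb-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
		wp_localize_script( 'xsb-admin', 'xsbAjax', array(
			'url'   => admin_url( 'admin-ajax.php' ),
			'nonce' => wp_create_nonce( 'xsb_save_order' ),
		) );
	}
	add_action( 'admin_enqueue_scripts', 'xsb_enqueue_admin_js' );

	function xsb_save_order_hardened() {
		// 2. CSRF: the request must carry a valid nonce for this action
		//    (check_ajax_referer dies with 403/-1 if it does not).
		check_ajax_referer( 'xsb_save_order', 'nonce' );

		// 3. Authorization: being logged in is not enough; require the capability
		//    that changing plugin settings should need.
		if ( ! current_user_can( 'manage_options' ) ) {
			wp_send_json_error( 'forbidden', 403 );
		}

		// 4. Input validation: accept only known service slugs, in any order.
		$allowed = array( 'facebook', 'twitter', 'google', 'linkedin', 'pinterest' );
		$raw     = isset( $_POST['order'] ) ? wp_unslash( $_POST['order'] ) : '';
		$items   = array_map( 'sanitize_key', explode( ',', (string) $raw ) );
		$order   = array_values( array_intersect( $items, $allowed ) );

		update_option( 'xsb_order', implode( ',', $order ) );
		wp_send_json_success( $order );
	}

	add_filter( 'the_content', 'xsb_render_hardened' );
	function xsb_render_hardened( $content ) {
		// 5. Output escaping: even validated data is escaped for its HTML context.
		$order = get_option( 'xsb_order', '' );
		return '<div class="xsb" data-order="' . esc_attr( $order ) . '"></div>' . $content;
	}
}
```

The split mirrors MITRE's reasoning: dropping the wp_ajax_nopriv_ registration alone closes the unauthenticated route but leaves an authenticated action that any logged-in user can trigger and that a third-party page can trigger on their behalf, so the nonce and capability checks are separate fixes with separate CVE-worthy weaknesses behind them; the allow-list on input and esc_attr on output are what actually remove the XSS even if a privileged user is the one submitting the value.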
