Date: Tue, 16 Jun 2015 15:50:19 -0400 (EDT)
From: cve-assign@...re.org
To: tomek@...asano.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Cross-Site Request Forgery in Spina CMS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> CSRF vulnerability across the entire engine
> which includes administrative functionality such as creating users, changing
> passwords, and media management
> 
> https://github.com/denkGroot/Spina/commit/bfe44f289e336f80b6593032679300c493735e75

> app/controllers/spina/application_controller.rb
> 
> + protect_from_forgery
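
Review bot: The added protect_from_forgery call in app/controllers/spina/application_controller.rb passes no with: option, so on a failed token check Rails falls back to its default strategy of nulling the session for that request instead of raising. For the administrative actions named in the report (creating users, changing passwords, media management), consider `protect_from_forgery with: :exception` so a forged request fails loudly and shows up in logs. Also confirm that every admin controller in the engine inherits from this controller and that no state-changing action is reachable over GET, since the token check does not apply to GET requests.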

Use CVE-2015-4619.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

-----END PGP SIGNATURE-----
