Date: Thu, 23 Jul 2015 16:04:27 -0400 (EDT)
From: cve-assign@...re.org
To: henri@...v.fi
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: WordPress 4.2.2 and earlier cross-site scripting vulnerability

> https://wordpress.org/news/2015/07/wordpress-4-2-3/

> WordPress versions 4.2.2 and earlier are affected by a cross-site
> scripting vulnerability, which could allow users with the Contributor
> or Author role to compromise a site. This was initially reported by
> Jon Cave and fixed by Robert Chapin, both of the WordPress security
> team

Use CVE-2015-5622.


> We also fixed an issue where it was possible for a user with
> Subscriber permissions to create a draft through Quick Draft.

Use CVE-2015-5623.


We think the vulnerability mappings are:

CVE-2015-5622 = https://core.trac.wordpress.org/changeset/33359

Note that the news URL says 'fixed by <a
href="http://www.miqrogroove.com/">Robert Chapin</a>' and 33359 says
"Props miqrogroove."
https://core.trac.wordpress.org/changeset/33359/trunk/tests/phpunit/tests/kses.php
has:

           array(
               'a',
               'href="javascript:alert(1)"',
               'href="alert(1)"',
           ),

[ there has been discussion of 33359, although possibly not about any
remaining security problem - see
https://core.trac.wordpress.org/ticket/15694#comment:24 ]


CVE-2015-5623 = https://core.trac.wordpress.org/changeset/33357

Note that
https://core.trac.wordpress.org/changeset/33357/trunk/src/wp-admin/post.php
makes a change to the "case 'post-quickdraft-save'" section of the
wp-admin/post.php file.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
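The kses test pair quoted in the message (href="javascript:alert(1)" expected to become href="alert(1)") documents what the fixed sanitizer does with a disallowed URL scheme. The following is an added example, not code from WordPress or from the message above: a small Python reimplementation of a kses-style "bad protocol" filter that strips a leading scheme not on an allow-list, with the allow-list, function names and the attribute parser all being assumptions made here.

```python
import html
import re

# Allow-list of URL schemes permitted in href/src values. This mirrors the
# spirit of WordPress's wp_allowed_protocols() but is an assumption here,
# not the project's actual list.
ALLOWED_PROTOCOLS = {
    "http", "https", "ftp", "ftps", "mailto", "news", "irc", "nntp",
    "feed", "telnet", "sms", "tel", "xmpp", "webcal", "urn",
}

# Shape of the attribute strings used in the quoted kses test data.
ATTR_RE = re.compile(r'^(\w+)="([^"]*)"$')


def strip_bad_protocol(value: str) -> str:
    """Remove a leading 'scheme:' whose scheme is not allow-listed.

    Entities are decoded first and whitespace/control characters inside the
    scheme are ignored, since browsers tolerate both. The check repeats until
    the value is stable, so 'javascript:alert(1)' becomes 'alert(1)'.
    """
    value = html.unescape(value)
    while True:
        head, sep, tail = value.partition(":")
        if not sep:
            return value  # no scheme at all: relative path, fragment, etc.
        scheme = re.sub(r"[\x00-\x20]", "", head).lower()
        if not re.fullmatch(r"[a-z0-9+.\-]*", scheme):
            return value  # ':' belongs to the path/query, not a scheme
        if scheme in ALLOWED_PROTOCOLS:
            return value  # allowed scheme: keep the value untouched
        value = tail  # disallowed scheme: drop it and re-check the rest


def filter_href_attr(attr: str) -> str:
    """Apply the protocol filter to an href="..." / src="..." attribute."""
    m = ATTR_RE.match(attr)
    if not m:
        raise ValueError(f"unsupported attribute syntax: {attr!r}")
    name, value = m.groups()
    if name.lower() in ("href", "src"):
        value = strip_bad_protocol(value)
    return f'{name}="{value}"'


if __name__ == "__main__":
    # Constructed inputs; the first reproduces the quoted kses test pair.
    for sample in ('href="javascript:alert(1)"', 'href="https://example.com/"'):
        print(sample, "->", filter_href_attr(sample))
```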
