Date: Sat, 19 Sep 2015 10:47:29 -0500
From: Nathan Van Gheem <nathan.van.gheem@...ne.org>
To: oss-security@...ts.openwall.com
Subject: CVE Request: Plone Privilege Escalation

Hi,

Can a CVE be assigned to this issue, please?

https://plone.org/security/20150910/privilege-escalation-in-kupu

An incorrect security declaration would allow any authenticated user to edit kupu settings--the wysiwyg editor for old versions of Plone.

Versions affected are all versions Plone 3 through 4.2. A hotfix has been posted only as releases are not made of these versions any longer.

The relevant code is: https://plone.org/security/20150910/

The vendor credits with the discovery: Richard Mitchell

Thanks, let me know if you'd like more information.

Nathan