Date: Mon, 21 Jul 2014 14:59:25 -0700
From: Christian Hammond <christian@...nbaginc.com>
To: oss-security@...ts.openwall.com
Subject: CVE requests for Review Board

Hi,

We have two security vulnerabilities that were just discovered, which both need CVEs assigned. This is for Review Board (https://www.reviewboard.org). Neither is publicly disclosed.

The first was discovered in-house and applies to all Review Board 1.7.x and 2.0.x releases. It allows a user without access to a private review request to retrieve the original or patched files associated with that review request through the API, if they know all the relevant database IDs.

The second was discovered by “Uchida.” It allows a user to compose a URL to a rendered section of a diff on Review Board and inject HTML through a query parameter. That URL could then be handed to another user (most likely embedded in an iframe in another page), allowing a custom script to be executed on their behalf. This also applies to both 1.7.x and 2.0.x.

Our plan is to get a release out with fixes for these sometime today/tonight.

Thanks,

Christian

-- 
Christian Hammond - christian@...nbaginc.com
Review Board - http://www.reviewboard.org
Beanbag, Inc. - http://www.beanbaginc.com
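As an added illustration of the first issue described above (constructed for this page; it is not Review Board's code and does not reproduce its API or data model), the following contrasts a file lookup that trusts the database IDs alone with one that first enforces the parent review request's access policy and then verifies the file actually belongs to that request. The classes, sample data and access rule are assumptions.

```python
from dataclasses import dataclass, field


class AccessDenied(Exception):
    pass


@dataclass
class ReviewRequest:
    id: int
    owner: str
    public: bool
    target_people: set = field(default_factory=set)

    def is_accessible_by(self, user: str) -> bool:
        # Assumed rule: a private request is visible only to its owner
        # and the people it is explicitly addressed to.
        return self.public or user == self.owner or user in self.target_people


@dataclass
class FileDiff:
    id: int
    review_request_id: int
    original: str
    patched: str


# Constructed sample data: one public and one private review request.
REVIEW_REQUESTS = {1: ReviewRequest(1, "alice", True),
                   2: ReviewRequest(2, "bob", False, {"carol"})}
FILEDIFFS = {10: FileDiff(10, 1, "int x;", "long x;"),
             20: FileDiff(20, 2, "limit = 1", "limit = 2")}


def get_patched_file_vulnerable(user, review_request_id, filediff_id):
    # Looks the file up by its own ID and never consults the parent
    # review request, so anyone who knows the IDs receives the content.
    return FILEDIFFS[filediff_id].patched


def get_patched_file_fixed(user, review_request_id, filediff_id):
    # Resolve the parent first and apply its access policy ...
    rr = REVIEW_REQUESTS.get(review_request_id)
    if rr is None or not rr.is_accessible_by(user):
        raise AccessDenied("no access to review request")
    fd = FILEDIFFS.get(filediff_id)
    # ... then require that the file belongs to that parent, so an
    # accessible request ID cannot be paired with a private file ID.
    if fd is None or fd.review_request_id != rr.id:
        raise AccessDenied("file is not part of this review request")
    return fd.patched


def can_fetch(user, review_request_id, filediff_id) -> bool:
    # Helper for checks: True when the hardened lookup grants access.
    try:
        get_patched_file_fixed(user, review_request_id, filediff_id)
        return True
    except AccessDenied:
        return False
```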
