oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)

From: Henri Salo <henri () nerv fi>
Date: Fri, 4 May 2012 10:32:41 +0300
On Fri, Mar 23, 2012 at 09:09:30AM -0600, Kurt Seifried wrote:

On 03/23/2012 04:00 AM, Henri Salo wrote:

Can I get CVE-identifiers for these two security vulnerabilities?

http://osvdb.org/show/osvdb/78105 COMPASS-2012-001
http://osvdb.org/show/osvdb/78106 COMPASS-2012-002

- Henri Salo


I'm going to need some original vendor information (name, site, etc.).

-- 
Kurt Seifried Red Hat Security Response Team (SRT)


Hello Kurt and list,

I received following information from Paco Avila from OpenKM. I hope this clarifies things.

"OpenKM Permission Weakness Admin Privilege Escalation"
COMPASS-2012-001 / OSVDB:78105 / SA47424:
Diff: AuthServlet.diff
Issue tracker: http://issues.openkm.com/view.php?id=1973

"OpenKM Arbitrary Admin User Creation CSRF"
COMPASS-2012-002 / OSVDB:78106 / SA47420:
Diff: scripting.diff
Issue tracker: http://issues.openkm.com/view.php?id=1750

- Henri Salo

Attachment: AuthServlet.diff
Description:

Attachment: scripting.diff
Description:

Previous By Date Next
Previous By Thread Next

Current thread: