oss-sec mailing list archives
Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)
From: Henri Salo <henri () nerv fi>
Date: Fri, 4 May 2012 10:32:41 +0300
On Fri, Mar 23, 2012 at 09:09:30AM -0600, Kurt Seifried wrote:
> On 03/23/2012 04:00 AM, Henri Salo wrote:
> > Can I get CVE-identifiers for these two security vulnerabilities?
> >
> > http://osvdb.org/show/osvdb/78105 COMPASS-2012-001
> > http://osvdb.org/show/osvdb/78106 COMPASS-2012-002
> >
> > - Henri Salo
>
> I'm going to need some original vendor information (name, site, etc.).
>
> --
> Kurt Seifried Red Hat Security Response Team (SRT)

Hello Kurt and list,

I received the following information from Paco Avila from OpenKM. I hope this clarifies things.

"OpenKM Permission Weakness Admin Privilege Escalation"
COMPASS-2012-001 / OSVDB:78105 / SA47424:
Diff: AuthServlet.diff
Issue tracker: http://issues.openkm.com/view.php?id=1973

"OpenKM Arbitrary Admin User Creation CSRF"
COMPASS-2012-002 / OSVDB:78106 / SA47420:
Diff: scripting.diff
Issue tracker: http://issues.openkm.com/view.php?id=1750

- Henri Salo

Attachment: AuthServlet.diff
Attachment: scripting.diff