oss-sec mailing list archives
Re: CVE Request for Drupal Core
From: cve-assign () mitre org
Date: Mon, 21 Apr 2014 21:18:13 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SA-CORE-2014-002 - Drupal core - Information Disclosure https://drupal.org/SA-CORE-2014-002
Drupal's form API ... When pages are cached ... there is a chance that interim form input recorded for one anonymous user (which may include sensitive or private information, depending on the nature of the form) will be disclosed to other users interacting with the same form at the same time
Use CVE-2014-2983. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTVcMIAAoJEKllVAevmvmsOhMH/jxUssmaa2sl7LFx/mA3jg46 mSI/dHm9v5ONYa14zoXi2DAEi8birAKjbIgtz/b2kd9Q5RVCzD5qVQiTIjYgQCFD w5VkFkxZp33sG5HsgBGbpQPbHX+M0inHqvH3j4XE36w0QZ8rtNwehWIb/alZoqw2 M4U6OyC6fEUgsJuoeIxg+zvJFYniWOQFI1y5t/XZ6NaTEHyXK85wabaNEuzt4t2O V+zXgdO1gAudEbvYe9kAJ81tcxv9rYXUhpmxePlF5mkQxIDU9RevgRAaCjpvUO/J SThzZT7mBZbUSd7xubU7B2EGGx9JWqKOTKG0KRG4EKkZ+aHpH7UcjOFKUjrxGBY= =vHDf -----END PGP SIGNATURE-----
Current thread:
- CVE Request for Drupal Core Forest Monsen (Apr 18)
- Re: CVE Request for Drupal Core cve-assign (Apr 21)