oss-sec mailing list archives
CVE requests for Review Board
From: Christian Hammond <christian () beanbaginc com>
Date: Mon, 21 Jul 2014 14:59:25 -0700
Hi,

We have two security vulnerabilities that were just discovered, which both need CVEs assigned. This is for Review Board (https://www.reviewboard.org). Neither is publicly disclosed.

The first was discovered in-house and applies to all Review Board 1.7.x and 2.0.x releases. It allows a user without access to a private review request to retrieve the original or patched files associated with that review request through the API, if they know all the relevant database IDs.

The second was discovered by "Uchida." It allows a user to compose a URL to a rendered section of a diff on Review Board and inject HTML through a query parameter. That URL could then be handed to another user (most likely embedded in an iframe in another page), allowing a custom script to be executed on their behalf. This also applies to both 1.7.x and 2.0.x.

Our plan is to get a release out with fixes for these sometime today/tonight.

Thanks,

Christian

--
Christian Hammond - christian () beanbaginc com
Review Board - http://www.reviewboard.org
Beanbag, Inc. - http://www.beanbaginc.com
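The first issue above is an object-level authorization gap: a file is fetched by database ID without checking that the caller may see the review request it belongs to. The following is an added illustration of that pattern and its fix, not Review Board's own code; the model classes, the sample records and the `is_accessible_by()` helper are assumptions loosely modelled on a review tool's data model.

```python
# Added example (not Review Board's code). Minimal in-memory stand-ins for a
# review request and its file diffs; names and records are constructed.
from dataclasses import dataclass, field


@dataclass
class User:
    username: str
    is_staff: bool = False


@dataclass
class ReviewRequest:
    id: int
    submitter: str
    public: bool = True
    target_people: set = field(default_factory=set)

    def is_accessible_by(self, user):
        # A private review request is visible only to its submitter,
        # the people it was assigned to, and staff (assumed policy).
        return (self.public or user.is_staff
                or user.username == self.submitter
                or user.username in self.target_people)


@dataclass
class FileDiff:
    id: int
    review_request_id: int
    patched_contents: bytes


# Constructed sample "database", keyed by primary key.
REVIEW_REQUESTS = {
    7: ReviewRequest(7, "alice", public=False, target_people={"bob"}),
    8: ReviewRequest(8, "carol", public=True),
}
FILEDIFFS = {42: FileDiff(42, 7, b"patched file from private request 7")}


class PermissionDenied(Exception):
    pass


def get_patched_file_vulnerable(user, filediff_id):
    # Vulnerable shape: the file is looked up by its ID alone, so any
    # authenticated caller who knows the ID receives the contents.
    return FILEDIFFS[filediff_id].patched_contents


def get_patched_file_fixed(user, review_request_id, filediff_id):
    # Fixed shape: resolve the parent review request, check the caller may
    # access it, and confirm the file really belongs to that request (so a
    # public request's ID cannot be used to reach a private request's file).
    rr = REVIEW_REQUESTS[review_request_id]
    fd = FILEDIFFS[filediff_id]
    if not rr.is_accessible_by(user) or fd.review_request_id != rr.id:
        raise PermissionDenied("file not accessible to this user")
    return fd.patched_contents
```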