oss-sec mailing list archives
Re: Cross-Site Request Forgery in Spina CMS
From: cve-assign () mitre org
Date: Tue, 16 Jun 2015 15:50:19 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
CSRF vulnerability across the entire engine which includes administrative functionality such as creating users, changing passwords, and media management https://github.com/denkGroot/Spina/commit/bfe44f289e336f80b6593032679300c493735e75
app/controllers/spina/application_controller.rb + protect_from_forgery
Use CVE-2015-4619. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVgH1wAAoJEKllVAevmvmsmXEIAJrugn4wE5hSp5pLPpk0cWaM Vn0s3Yp+Nw6bHntxDNBTjfjyfwGfaXPGjcllHKtH6DdRgAjaHKOd6vBFWxW/sG2C oo9uSvA16Jaae7PdSP1jcWcFqNxIQelMmsVhVMAtwt/hhkSBZ/znBzLdoaM6euMI 6JLHcTbi+XGsWOSlTTQmLYY4iwOOBLsCuTR4M2A0SqG6cx7LzdhmTCTpjOA9N8Gs 0h+Rrv5P5E5WOc+NgRLfMo9Z5uNDp3BvPVA9kULsh44i43mj6SIk7Z8b5PzFhL1+ DTPb5HvCmp9cimdsIssPxWA/yvupaUsAJ4FWAz+/zWTBT51yCbAh6opk+XWoa1s= =I+/h -----END PGP SIGNATURE-----
Current thread:
- Cross-Site Request Forgery in Spina CMS Tomek Rabczak (Jun 16)
- Re: Cross-Site Request Forgery in Spina CMS cve-assign (Jun 16)