oss-sec mailing list archives

Re: Cross-Site Request Forgery in Spina CMS


From: cve-assign () mitre org
Date: Tue, 16 Jun 2015 15:50:19 -0400 (EDT)

CSRF vulnerability across the entire engine
which includes administrative functionality such as creating users, changing
passwords, and media management

https://github.com/denkGroot/Spina/commit/bfe44f289e336f80b6593032679300c493735e75

app/controllers/spina/application_controller.rb

+ protect_from_forgery
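
Review bot: the bare `protect_from_forgery` added to app/controllers/spina/application_controller.rb passes no `with:` option, so what happens on a failed token check is left to the framework default instead of being stated (in Rails 4 that default is `:null_session`, which runs the action with an empty session instead of rejecting the request). Consider `protect_from_forgery with: :exception` so a failed check aborts the request outright. Also confirm that the controllers for user creation, password changes and media management all inherit from this controller, since the line only protects its subclasses.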

Use CVE-2015-4619.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

